Extreme data breach may affect over 2 billion people

On August the 6th of 2024, one of the largest personal data sets ever leaked hit a dark web forum called Breachforums, free for anybody to download and use. Some 2.7 billion records were contained in the file, which was posted by a user with the handle Fenice. The records consist of key bits of personal information, such as addresses, dates of birth, and social security numbers, among other things. The breach reportedly affects people in the United States, United Kingdom, and Canada.

The data set was originally posted for sale in April of 2024 by user USDoD, an account with alleged ties to a cyber crime ring. The post advertised the data for sale at $3.5 million, but did not seem to drum up any interest at first. Before long, users began posting bits and pieces of the data set for free, leading up to Fenice leaking the entire file. Along with the file, Fenice alleged that USDoD was not actually responsible for the original breach, and that it was perpetrated by another user, SXUL.

The file posted by Fenice supposedly weighs in at well over 250 terabytes, and is in a common format that can be opened in Microsoft Excel, Google Sheets, or other comparable software. The file is thought to contain information on a large part of the population of each of the three named countries. Given that multiple records for each affected person may exist, and some people who were affected have already confirmed that some of the information is inaccurate, it's hard to pin down exactly how many people may have been affected.

The data was gathered by a company known as National Public Data, or NPD. The company's business model reportedly consists of nothing more than scraping public data sources and cobbling together the findings. A lawsuit was filed against the company by a man from Florida, and is being handled as a class action by two different law offices from Florida and California.

The suit alleges that NPD assumed a duty to protect personal data when they acquired and compiled it, and have failed in this duty. It also alleges that the company used non-public sources, leading to them being in possession of data on individuals that did not consent to having it collected. Allegations against NPD include negligence, unjust enrichment, and breach of fiduciary duty.

The above is the detailed content of Extreme data breach may affect over 2 billion people. For more information, please follow other related articles on the PHP Chinese website!