National Public Data Collapses After Massive Social Security Number Breach
National Public Data (NPD), a Florida-based background-check and data-broker firm owned by Jerico Pictures, filed for bankruptcy and later shut down after a breach exposed an enormous cache of personal information, including names, addresses, and Social Security numbers. The company tied the incident to a December 2023 intrusion by a third-party actor, while outside reporting said a 277.1 GB dataset containing roughly 2.9 billion records was later offered on the dark web for $3.5 million and may have affected people in the United States, United Kingdom, and Canada.
The fallout quickly expanded beyond the initial disclosure. NPD had first indicated that about 1.3 million people were impacted, but bankruptcy filings said potential liabilities could extend to hundreds of millions of individuals, far beyond the company’s ability to fund notifications, credit monitoring, litigation, and investigations. More than a dozen class-action complaints were filed, regulators in over 20 US states and the FTC were cited as possible sources of scrutiny, and reporting also pointed to alleged exposure of back-end database passwords. Consumers were urged to freeze credit with the major bureaus and monitor for identity theft as the company’s insurance reportedly denied coverage and its operations unraveled.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
National Public Data shuts down after the breach fallout
By December 3, 2024, reporting said the company behind the massive Social Security number leak had shut down. This followed the breach, mounting lawsuits, and bankruptcy proceedings.
Bankruptcy filing says breach may affect hundreds of millions
On or before October 9, 2024, National Public Data filed for bankruptcy in Florida, stating that liabilities from the breach could extend to hundreds of millions of people rather than the 1.3 million it had previously cited. Court records said the company lacked the assets to cover notifications, credit monitoring, lawsuits, and investigations, and that insurance had denied coverage.
National Public Data acknowledges incident and says it is investigating
By mid-August 2024, National Public Data had publicly acknowledged awareness of third-party claims about the breach and said it was investigating with law enforcement. The company also said it had purged the database and deleted non-public personal information, while advising consumers to protect themselves.
National Public Data dataset is leaked for free on Breached forum
By 2024-08-11, nearly 2.7 billion plaintext records allegedly stolen from National Public Data were reportedly posted for free on the Breached forum. The leak exposed names, Social Security numbers, addresses, and aliases, and was attributed in the post to actors Fenice and SXUL after the dataset had previously been advertised for sale.
Class-action and federal complaints mount against NPD and Jerico Pictures
Since early August 2024, legal fallout accelerated, including a class-action lawsuit in Florida and at least 14 federal complaints against National Public Data and its parent company Jerico Pictures. The suits alleged inadequate security practices and insufficient notice to affected individuals.
Leaked National Public Data records emerge online in April 2024
Reporting cited in the references says data from National Public Data began leaking in April 2024 after the earlier intrusion. The exposed information reportedly included names, Social Security numbers, and addresses.
USDoD allegedly offers 2.9 billion-record dataset for sale
In June 2024, the hacking group USDoD was reported to have published or offered for sale a 277.1 GB dataset tied to National Public Data, claiming it covered about 2.9 billion individuals and demanding $3.5 million. The dataset was described as affecting people in the US, UK, and Canada.
National Public Data suffers intrusion in December 2023
National Public Data later said a third-party bad actor breached its systems in December 2023. The intrusion became the root cause of the later mass exposure of personal data.
Sources
11 references tracked. Mallory keeps watching after this page renders.
Tucker Carlson, hacked on his own podcast, blames mental patients and asks for biometrics - Boing Boing
boingboing.net
Open sourceCompany Behind Massive Social Security Number Leak Shuts Down | PCMag
pcmag.com
Open sourceNational Public Data files for bankruptcy after info leak
theregister.com
Open sourceOne-third of the US population’s background info is now public | Cybernews
cybernews.com
Open sourceNational Public Data admits it leaked Social Security numbers in a massive data breach | The Verge
theverge.com
Open sourceHow to know, what to do if your data was leaked in massive breach
thehill.com
Open sourceHackers leak 2.7 billion data records with Social Security numbers
bleepingcomputer.com
Open sourcePersonal Data of 3 Billion People Stolen in Hack, Suit Says (1)
news.bloomberglaw.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
National Public Data Breach Exposed Social Security Numbers and Personal Records
National Public Data disclosed a security incident affecting a large repository of consumer background-check and people-search information, with exposed data reported to include highly sensitive personal identifiers such as **Social Security numbers**, names, mailing addresses, and other profile details. The company published a breach notice on its website, while an individual notification letter filed with the California Attorney General indicates affected residents were formally notified that their information may have been involved. The incident drew attention because the compromised records appear to involve data commonly used for identity verification and fraud, increasing the risk of **identity theft**, account takeover, and social-engineering abuse. The notification materials show the breach response included direct notice to impacted individuals and guidance on protective steps such as monitoring accounts and credit activity, underscoring the seriousness of the exposure for consumers whose records were held by the data broker.
May 26, 2026
Prosper Data Breach Exposes Sensitive Information of 17.6 Million Individuals
Prosper, a prominent peer-to-peer lending marketplace, suffered a significant data breach in September 2025, resulting in the exposure of sensitive personal information belonging to 17.6 million customers and loan applicants. The breach was detected on September 2, 2025, and was publicly disclosed by Prosper, which confirmed that unauthorized access to their systems had occurred. The compromised data includes a wide range of personally identifiable information such as names, email addresses, dates of birth, Social Security numbers, government-issued IDs, employment statuses, income levels, credit status information, physical addresses, IP addresses, and browser user agent details. Prosper stated that, despite the breach, there was no evidence that customer accounts or funds were accessed or compromised. The company’s customer-facing operations remained uninterrupted throughout the incident. Prosper has reported the breach to relevant authorities and is actively collaborating with law enforcement agencies to investigate the attack. The company is still determining the full scope of the data affected and has committed to providing free credit monitoring services to impacted individuals once the investigation clarifies the extent of the exposure. The breach was added to the Have I Been Pwned database on October 16, 2025, which helped reveal the scale of the incident, specifically the number of unique email addresses involved. Prosper has advised all users to change their passwords if they have not done so since the breach and to enable two-factor authentication for enhanced security. The company has also published a dedicated FAQ page to address customer concerns and provide ongoing updates. The attackers reportedly accessed the data through unauthorized queries on company databases that store customer and applicant information. Prosper emphasized that resolving the incident is a top priority and pledged to share additional information with customers as the investigation progresses. The breach has raised concerns about the security of financial services platforms and the protection of sensitive customer data. Security experts recommend that affected individuals monitor their credit reports and remain vigilant for signs of identity theft. The incident underscores the importance of robust cybersecurity measures and timely breach notification in the financial sector. Prosper’s response and transparency in handling the breach will be closely watched by regulators and customers alike. The breach has significant implications for the privacy and security of millions of individuals whose data was entrusted to the platform.
Mar 21, 2026
Multiple Data Exposure and Breach Reports Involving French Citizens, Victorian Students, and Alleged PayPal Credentials
Security researchers reported a large, publicly exposed database on an open cloud server containing **tens of millions of French citizen records** aggregated from at least five prior breaches, including voter data, healthcare entries, CRM contacts, financial profiles (including **IBANs/BICs**), and vehicle-related information. The dataset appears to have been compiled to increase resale value and enable identity cross-linking, elevating risks of **phishing, fraud, and identity theft**. Separately, Australia’s **Victorian Department of Education** notified parents that an unauthorized party accessed a student database containing names, school names, year levels, school-issued email addresses, and **encrypted passwords**, prompting a forced password reset and temporary account access disruption; the department stated more sensitive fields (e.g., home addresses, phone numbers) were not exposed and investigators had not confirmed public release. In another unrelated report, researchers questioned the veracity of a newly claimed **PayPal** breach, assessing a ~100,000-record credential “combolist” as likely **outdated infostealer-log data** rather than evidence of a fresh PayPal compromise, noting PayPal’s prior refutation of similar claims and the practical barriers posed by MFA.
Mar 21, 2026