A significant data breach that exposed billions of records’ worth of personal information is currently being investigated by federal lawmakers.
“The Committee on Oversight and Accountability is investigating recent news reports about a potential cyberattack on National Public Data by a cybercriminal group known as USDoD,” stated the lawmakers, referencing the lawsuit filed earlier in the month.
Representatives James Comer (R-Ky.) and Nancy Mace (R-S.C.) signed the letter, which highlights the allegations that USDoD hackers offered the stolen data—comprising Social Security numbers, phone numbers, email addresses, and mailing addresses—for sale at $3.5 million on the dark web. The total number of individuals affected by the breach remains uncertain, although the lawsuit suggests it could be as high as 2.9 billion people.
Related Stories
“If accurate, this data breach could potentially be one of the most significant cyberattacks ever in terms of affected individuals,” the Republicans expressed. “The Committee requests a briefing to verify the authenticity of the attack and, if confirmed, evaluate the potential repercussions of the breach on the U.S. government, businesses, and the public, as well as National Public Data’s response to the incident.”
The Maine attorney general’s office also released a notice about the breach—submitted by Verini—on Aug. 17, revealing that 2,760 residents of the state had been impacted.
As per the lawsuit, many individuals whose information was exposed in the breach were not clients of National Public Data but had their data “scraped” by unauthorized third parties and shared with the company without their consent.
The complaint further alleges that the company stored unencrypted personal records, making them vulnerable to hackers, and failed to provide adequate notification of the breach to those affected.
“The lack of transparency from National Public Data regarding the cyberattack is concerning given the alleged compromised information and potential harm to numerous victims,” Comer and Mace noted, emphasizing that the company has yet to offer a detailed account of the incident.
To address this, they requested that the requested briefing be held no later than Aug. 30.
“To the best of our knowledge, we anticipate the briefing will outline the timing and nature of the breach, how it occurred, a description of the data that was compromised, and the steps being taken by National Public Data in response to the breach,” they added.
The Epoch Times has reached out to National Public Data for comment.
Rachel Acenas and Jack Phillips contributed to this report.
Please rewrite this sentence.
Source link
