UPDATE 8/15: National Public Data confirms the hack and is advising users to "place a free fraud alert on your credit file [and] consider placing a free credit freeze." Some experts don't believe the data dump truly contains 2.9 billion usable files, however.

Original Story:
A little-known company in Florida allegedly lost records on 2.9 billion individuals to hackers, according to a class-action lawsuit.

National Public Data specializes in background checks and fraud prevention. But the data it collects appears to have ended up in the hands of a hacking group called “USDoD." It began selling access to the stolen data in April, claiming to have info on users in the US, UK, and Canada. 

It has since been hit with a class-action lawsuit, Bloomberg Law reports. California resident Christopher Hoffman filed after his identity protection provider notified him that his personal data had been compromised in the breach. 

The data leak might be one of the largest of all time, although the full scale of the incident remains unconfirmed. National Public Data didn’t immediately respond to a request for comment. But in June, malware collection site VX Underground was able to review the stolen data, which was originally on sale for $3.5 million.  

“We reviewed the massive file – 277.1GB uncompressed, and can confirm the data present in it is real and accurate. We searched up several individuals who consented to having their information looked up,” VX Underground tweeted.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones

Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders

Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

According to VX Underground, stolen data includes Social Security numbers, full names, and user address history for over three decades. However, the archive doesn't appear to contain the personal information of users who opted out of such data collection. VX Underground says USDoD was a broker for the sale; a mysterious user dubbed “SXUL” was behind the breach. 

Although USDoD intended to sell the data to private buyers, the stolen data has apparently been freely circulating on a popular hacker forum, putting numerous users at risk of identity theft schemes. The archive also allegedly contains dates of birth and phone numbers.

Still, users who’ve downloaded the 277GB archive say it contains numerous duplicates; for example, some entries are devoted to the same person at different physical addresses, while others cover deceased individuals. Hence, the stolen data probably doesn’t ensnare 2.9 billion individuals, but probably closer to 225 million people — or the number of US users on which National Public Data had records.

“Members will have instant access to over 2.2 billion merged records covering all of the adult population in the USA and territories,” the company previously advertised for its People Finder tool. 

In the meantime, it looks like some identity protection services have already been able to analyze the stolen data and warn affected consumers after spotting their Social Security numbers in the archive. In response, Hoffman's class-action lawsuit is demanding National Public Data pay damages and undergo numerous IT security changes, including deleting the data it stores on US users unless it can provide reasonable justification.