Background Data Company Suffers Massive Data Breach

John Lister's picture

Almost three billion personal data records have been stolen from a background check company. The massive breach has unintentionally proven the value of data opt-out laws.

The people who stole the data had put it up for sale to other criminals for $3.5 million, but it seems they didn't find a buyer. They are reportedly now planning to release the data publicly.

That might seem an odd move given its supposed value, but it's likely part of a long game. It means that if the same group steal data in the future, they would be able to blackmail the business with more credibility.

The data is said to be from National Public Data, a Florida-based background check company. It mainly operates by letting third parties access its database to look up records. The company has not commented publicly on the case. (Source:

Social Security Numbers Leaked

The database is 277.1GB and contains records on an unknown number of people who live or have lived in the United States. It's said to include names, address history over the past three records, social security numbers, and details of close relatives. (Source:

The group who tried to sell the data appears to be the same one that previously offered financial information about TransUnion customers. The group appears to be acting as a go-between on behalf of the people who actually stole the data.

Opt-Out Worked

One element of good news is that the list doesn't contain any data from people who exercised data opt out laws, suggesting that data handling businesses are respecting the laws.

Several US states have rules that mean citizens can opt out of having businesses sell their personal data. The states include California, Colorado, Connecticut and Virginia. Usually the businesses must have a dedicated web page with details of how to exercise this right, usually by completing a form.

What's Your Opinion?

Are you surprised the thieves are planning to release the data? Have you ever exercised data opt-out rights? Do companies handling data need tougher regulation to make sure they maintain security?

| Tags:
Rate this article: 
Average: 4.9 (8 votes)


ehowland's picture

I always OPT-Out of anything I can, so I should NOT be one of the effected.

Do what I do, pick a fake birthday and use that everywhere. Wrong day, wrong month, wrong year. If Kids ever do social media, have them also pick a fake birthday and a fake name/alias identity. Use the name of someone you dislike, LOL.

Chief's picture

Maybe someday when the pols stop receiving lobby money they will change the world to Opt IN.
My data is mine unless I give it to you.

I love it when I find my stuff encumbered with all sorts of incorrect information.
The latest are real estate agents wanting to buy my property - that I have never owned.