National Public Data Relaunches Despite 2.9 Billion SSNs Breach

National Public Data (NPD) is back under new ownership after leaking 2.9B records, raising new concerns about data brokers and privacy risks.

When the National Public Data (NPD) website first went offline in April 2024, it looked like the end of the story. The platform, once operated by Jerico Pictures, had just experienced one of the largest breaches in history, with up to 2.9 billion records leaked online.

The trove of leaked data included names, addresses, Social Security numbers (SSN), phone numbers, and even family details affecting individuals across the United States, the United Kingdom, and Canada. For many, the shutdown was a moment of accountability for a data broker that had been collecting and selling information most people never even realized was being stored.

Jerico Pictures filed for Chapter 11 bankruptcy in the aftermath of the breach, but the site is already back online, this time under new ownership. A Florida company called Perfect Privacy LLC has taken over, reviving the same services and, according to privacy experts, possibly offering even less oversight than before.

While the site still has a page detailing the previous data breach, Hackread.com can also confirm that the revived National Public Data platform still contains the same information that was stolen in the breach. The data remains searchable as before, and the real question is how a service that exposed some of the most sensitive details of millions of people is back online with little more than a change in ownership.

The page still displays the breach incident (Image credit: Hackread.com)

In a comment to Hackread.com, Karolis Arbaciauskas, head of product at NordPass, called the amount of information still live on the National Public Data site a “privacy nightmare.” He noted that even basic details like relatives and neighbors can give cybercriminals enough ammunition to launch convincing phishing scams. He advised anyone who finds their data on the platform to request removal immediately, but warned that leaked data may already be circulating among criminal groups.

****The US DoD Hacker and the Legal Cases Against Jerico Pictures, Inc.****

The hacker who first claimed responsibility for the breach used the alias Fenice. Then came the “US DoD” hacker who initially played the role of middleman to sell the data and later leaked it online.

He spoke exclusively with Hackread.com, describing himself as a Brazilian citizen. Months later, Brazilian authorities confirmed his arrest. Despite that arrest, the damage was done; the scraped and stolen database had already been leaked online.

The leaked NPD data on BreachForums (Image credit: Hackread.com)

The legal consequences of the breach soon caught up. In Hofmann v. Jerico Pictures, Inc., filed August 1, 2024, in the U.S. District Court for the Southern District of Florida, plaintiff Christopher Hofmann accused the company of negligence and failure to safeguard data.

The lawsuit points out that the exposed records included not only Social Security numbers but also personal relationships, dates of birth, and past addresses, all stored without proper encryption or redaction.

Hofmann is seeking damages along with court-ordered reforms that would force the company to adopt strict data security practices such as annual third-party audits, stronger encryption, and mandatory threat management controls. Other lawsuits followed, making Jerico Pictures one of the most legally targeted data brokers in recent years.

The revived National Public Data website (Image credit: Hackread.com)

****Opt-Out NOW!****

Although the site now markets itself as a “free people search engine,” the risks are still there. The site now offers an opt-out form for those who want to remove their profiles, but the reality is that once data has been leaked, it cannot be erased from circulation.

Nevertheless, National Public Data’s return shows how weak oversight of data brokers puts sensitive information at risk, leaving ordinary people to deal with the consequences long after the breach.