The National Public Data breach leaked 2.9 billion records with SSNs, and the company filed for bankruptcy, so there is no entity left to hold accountable or to fund remediation

In April 2024, a hacker breached National Public Data, a background check company operated by a single individual under the business name Jerico Pictures. The breach exposed 2.9 billion records containing full names, current and past addresses, Social Security numbers, dates of birth, and phone numbers for people in the US, UK, and Canada. The stolen dataset was initially listed for sale at $3.5 million on dark web forums, then leaked for free. It contained 272 million unique Social Security numbers. The scale is staggering, but the aftermath is worse. Fourteen lawsuits were filed. In October 2024, Jerico Pictures filed for Chapter 11 bankruptcy, effectively shielding itself from liability. The company had no meaningful assets to cover credit monitoring for hundreds of millions of affected individuals. Victims received no notification, no credit monitoring, and no remediation. Many did not even know the company existed or held their data. The SSNs leaked in this breach will be used for fraud for decades, because SSNs cannot be changed. Every identity thief now has a free, searchable database of real SSNs paired with real names, addresses, and birth dates. This problem persists because data brokers operate with virtually no regulatory oversight. There is no federal licensing requirement for companies that aggregate and sell personal data. There is no minimum cybersecurity standard they must meet. There is no insurance requirement to cover breach remediation. A single-person LLC can accumulate billions of records of sensitive data, get breached, file for bankruptcy, and walk away. The people whose data was exposed have no recourse, no notification, and no way to change the SSN that is now permanently compromised. The breach was a one-time event, but the damage is permanent and unfixable.