The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year.
In June, the hacking group USDoD put a 277.1 GB file of data online that contained information on about 2.9 billion individuals, and asked $3.5 million for it. The data came from National Public Data - a data brokerage owned by Jerico Pictures - which offered background checks to corporate clients via its API.
NPD confirmed it had been hacked in an attack on December 2023 and initially said just 1.3 million people had lost personal details, such as "name, email address, phone number, social security number, and mailing address(es)." But in the court documents filed for bankruptcy, the business concedes the total is much higher.
"The debtor is likely liable through the application of various state laws to notify and pay for credit monitoring for hundreds of millions of potentially impacted individuals," the bankruptcy petition [PDF] from Jerico Pictures states.
"As the debtor’s schedules indicate, the enterprise cannot generate sufficient revenue to address the extensive potential liabilities, not to mention defend the lawsuits and support the investigations. The debtor’s insurance has declined coverage."
- National Public Data tells officials 'only' 1.3M people affected by intrusion
- That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that
- Crooks threaten to leak 3B personal records 'stolen from background check firm'
- TransUnion reckons big dump of stolen customer data came from someone else
According to the filing, the organization is facing more than a dozen class-action lawsuits over the data loss and potential "regulatory challenges" from the FTC and more than 20 US states. Any plaintiffs will have a hard time getting any money out of Jerico, however, since the documents state the business has very limited physical assets.
In the accounting document [PDF], the sole owner and operator, Salvatore Verini, Jr, operated the business out of his home office using two HP Pavilion desktop computers, valued at $200 each, a ThinkPad laptop estimated to be worth $100, and five Dell servers worth an estimated $2,000.
It lists $33,105 in a corporate checking account in New York as its assets, although the business pulled in $1,152,726 in the last financial year, and estimates its total assets are between $25,000 and $75,000 in total.
It also lists 27 domains with a value of $25 apiece. These include the corporate website - now defunct - as well as a host of other URLs including criminalscreen.com, RecordsCheck.net, and asseeninporn.com.
A small operation could amass - and then lose - that much data may surprise some but that's the nature of many data brokerages. The startup and running costs are small and, as these filings show, such a business can be very lucrative - until it all goes wrong.
There was no comment from Mr. Verini at the time of publication. ®