Massive Data Breach at National Public Data Exposes 2.9 Billion U.S. Records
In April 2024, Florida-based data broker National Public Data suffered one of the largest security breaches in U.S. history, exposing personal information belonging to an estimated 2.9 billion individuals nearly every adult American. The incident underscored the risks posed by unregulated data brokers, companies that collect and sell consumer data without direct consent.
Following the breach, National Public Data filed for Chapter 11 bankruptcy, a move that could shield the company from civil lawsuits and limit accountability for affected individuals. The case highlights a growing trend where breached firms use bankruptcy to evade legal consequences, leaving victims with little recourse.
The fallout extends beyond National Public Data. A February 2025 breach at DermCare Management, a dermatology practice management firm, compromised sensitive health records, while a Los Angeles Police Department (LAPD) breach exposed 337,000 linked records. Even the FBI confirmed a major cyber incident involving its internal surveillance systems, demonstrating that law enforcement agencies are not immune to attacks.
Cybercriminals are increasingly leveraging AI-powered tools to scale attacks, including automated phishing, deepfake fraud, and credential-stuffing. The FBI reported $17 billion in direct cyber fraud losses over the past year, with unreported damages likely pushing the total higher. Meanwhile, state-sponsored actors particularly from adversarial nations are exploiting civilian infrastructure in geopolitical conflicts, turning personal devices into targets.
The debate over government surveillance further complicates the landscape. The Foreign Intelligence Surveillance Act (FISA), which allows warrantless collection of Americans’ international communications, has sparked controversy. While some lawmakers, like Rep. Jim Himes (D-CT), defend its necessity for national security, critics argue its authorities are too broad and lack sufficient oversight.
A 2026 breach in Australia exposed hundreds of thousands of records, signaling that these vulnerabilities extend beyond U.S. borders. Meanwhile, ISACA research reveals that privacy teams face shrinking budgets, AI-driven complexity, and accelerating breach rates, leaving organizations ill-prepared for future threats.
The National Public Data breach and its ripple effects paint a stark picture: private companies collect data recklessly, criminals exploit it at scale, and legal frameworks struggle to keep pace. The result is a structural vulnerability in the global data ecosystem, with no clear resolution in sight.
Source: https://amp.ibtimes.sg/who-owns-your-data-breaches-ai-fraud-fisa-spark-privacy-debate-85278
DermCare Management cybersecurity rating report: https://www.rankiteo.com/company/dermcare-management
"id": "DER1776085466",
"linkid": "dermcare-management",
"type": "Breach",
"date": "4/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2.9 billion individuals',
'industry': 'Data Brokerage',
'location': 'Florida, USA',
'name': 'National Public Data',
'type': 'Data Broker'},
{'industry': 'Healthcare',
'name': 'DermCare Management',
'type': 'Healthcare Practice Management'},
{'customers_affected': '337,000 linked records',
'industry': 'Government',
'location': 'Los Angeles, USA',
'name': 'Los Angeles Police Department (LAPD)',
'type': 'Law Enforcement'},
{'industry': 'Government',
'location': 'USA',
'name': 'FBI',
'type': 'Law Enforcement'}],
'data_breach': {'number_of_records_exposed': '2.9 billion',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'Personal information'},
'date_detected': '2024-04',
'description': 'In April 2024, Florida-based data broker National Public Data '
'suffered one of the largest security breaches in U.S. '
'history, exposing personal information belonging to an '
'estimated 2.9 billion individuals—nearly every adult '
'American. The incident underscored the risks posed by '
'unregulated data brokers, companies that collect and sell '
'consumer data without direct consent. Following the breach, '
'National Public Data filed for Chapter 11 bankruptcy, a move '
'that could shield the company from civil lawsuits and limit '
'accountability for affected individuals.',
'impact': {'brand_reputation_impact': 'Significant (bankruptcy filing)',
'data_compromised': 'Personal information of ~2.9 billion '
'individuals',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential civil lawsuits (shielded by '
'bankruptcy)'},
'lessons_learned': 'The incident highlights risks posed by unregulated data '
'brokers, the use of bankruptcy to evade legal '
'consequences, and the growing scale of AI-powered cyber '
'threats.',
'post_incident_analysis': {'root_causes': 'Unregulated data collection '
'practices, lack of sufficient '
'cybersecurity measures, and '
'structural vulnerabilities in the '
'global data ecosystem.'},
'references': [{'source': 'ISACA Research'}],
'regulatory_compliance': {'legal_actions': 'Chapter 11 bankruptcy filing'},
'title': 'Massive Data Breach at National Public Data Exposes 2.9 Billion '
'U.S. Records',
'type': 'Data Breach'}