National Public Data, a data broker previously involved in a 2024 breach exposing 272 million unique Social Security Numbers (SSNs) and 2.9 billion records, has resurfaced under new ownership. The original breach led to lawsuits against its parent company, Jerico Pictures, forcing a shutdown in December 2024. The revived platform continues aggregating public and scraped data (government records, social media, property databases) into searchable dossiers, raising concerns over persistent exposure of sensitive personal information. Despite claims of 'privacy' and 'accuracy,' the re-emergence highlights systemic risks of data brokers monetizing leaked or poorly secured data, exacerbating identity theft and fraud risks for affected individuals. The incident underscores the lack of accountability in the data brokerage industry, where breached datasets resurface under new entities without remediation for victims.
TPRM report: https://www.rankiteo.com/company/upstream-intelligence-inc
"id": "ups525083025",
"linkid": "upstream-intelligence-inc",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '2.9 billion records (272 '
'million unique SSNs)',
'industry': 'Data Aggregation/People Search',
'location': 'USA (Originally Florida under Jerico '
'Pictures)',
'name': 'National Public Data',
'type': 'Data Broker'},
{'industry': 'Data Brokerage',
'location': 'Florida, USA',
'name': 'Jerico Pictures, Inc.',
'type': 'Parent Company'}],
'attack_vector': ['Poor Security Practices',
'Data Scraping from Public/Private Sources',
'Potential Unauthorized Access'],
'customer_advisories': ['New owners claim data is sourced from public records '
'and verified for accuracy.',
'Users can request removal of their personal '
'information.',
'Advisory to monitor for identity theft due to SSN '
'exposure.'],
'data_breach': {'data_exfiltration': ['Likely (Given Leak of 2.9 Billion '
'Records)'],
'number_of_records_exposed': '2.9 billion (272 million unique '
'SSNs)',
'personally_identifiable_information': ['Names',
'SSNs',
'Address Records',
'Property Ownership '
'Details',
'Social Media '
'Profiles'],
'sensitivity_of_data': ['High (SSNs, PII)'],
'type_of_data_compromised': ['Social Security Numbers (SSNs)',
'Public Records (Federal, State, '
'Local)',
'Property Ownership Data',
'Social Media Data']},
'date_publicly_disclosed': '2024',
'description': 'National Public Data, a data broker, suffered a major breach '
'in 2024 exposing 272 million unique Social Security Numbers '
'(SSNs) among 2.9 billion records. The site shut down in '
'December 2024 amid lawsuits against parent company Jerico '
'Pictures but was later revived under new ownership in 2025, '
'raising concerns about the continued exposure of sensitive '
'personal data. The new owners claim no affiliation with '
'Jerico Pictures and state that their data is sourced from '
'publicly available records, verified, and filtered for '
'accuracy.',
'impact': {'brand_reputation_impact': ['Severe (Associated with Mass Data '
'Leaks and Poor Security)'],
'customer_complaints': ['High (Due to Mass Exposure of Sensitive '
'Data)'],
'data_compromised': ['Social Security Numbers (SSNs)',
'Public Records',
'Personal Identifiable Information (PII)'],
'downtime': 'Site shut down in December 2024; revived in 2025 '
'under new ownership',
'identity_theft_risk': ['High (Due to Exposure of SSNs and PII)'],
'legal_liabilities': ['Lawsuits Against Jerico Pictures',
'Potential Regulatory Violations'],
'operational_impact': ['Legal Lawsuits Against Jerico Pictures',
'Reputation Damage',
'Regulatory Scrutiny'],
'systems_affected': ['Database Containing 2.9 Billion Records',
'People Search Engine Platform']},
'initial_access_broker': {'data_sold_on_dark_web': ['Likely (Given Historical '
'Context of Data Broker '
'Breaches)'],
'high_value_targets': ['SSNs',
'Comprehensive PII '
'Dossiers']},
'investigation_status': 'Ongoing (No Official Investigation Details Publicly '
'Available)',
'lessons_learned': ['Data brokers pose significant risks due to aggregation '
'of sensitive data from disparate sources.',
'Poor security practices can lead to mass exposure of '
'PII, including SSNs.',
'Revival of compromised platforms under new ownership '
'does not guarantee improved security.',
'Consumers must proactively monitor and remove their data '
'from such platforms.'],
'motivation': ['Financial Gain (Data Monetization)',
'Data Aggregation for Resale'],
'post_incident_analysis': {'corrective_actions': ['Site shutdown and change '
'of ownership (though '
'effectiveness unclear).',
'Public disassociation from '
'Jerico Pictures to '
'distance from prior '
'breaches.',
'Claimed improvements in '
'data verification '
'(unverified).'],
'root_causes': ['Lack of adequate security '
'controls to protect aggregated '
'sensitive data.',
'Over-reliance on public records '
'without sufficient safeguards '
'against mass exposure.',
'Failure to implement encryption '
'or access restrictions for '
'high-value data (e.g., SSNs).']},
'recommendations': ['Consumers should check National Public Data for their '
'exposed information and request removal.',
'Enable identity monitoring services to detect illegal '
'trading of personal data.',
'Use password managers and enable FIDO2-compliant 2FA to '
'mitigate risks from breaches.',
'Avoid storing payment details on websites to reduce '
'financial exposure.',
'Organizations should implement robust data protection '
'measures, including encryption and access controls.',
'Regulators should enforce stricter oversight on data '
'brokers to prevent misuse of sensitive data.'],
'references': [{'source': 'PCMag'},
{'source': 'National Public Data (Security Incident Update '
'Page)',
'url': 'https://nationalpublidata.com'},
{'source': 'Malwarebytes (Personal Data Remover)'}],
'regulatory_compliance': {'legal_actions': ['Lawsuits Against Jerico '
'Pictures']},
'response': {'communication_strategy': ['Update Page on Security Incident',
'Transparency About Data Sources '
'(Public Records)'],
'containment_measures': ['Site Shutdown (December 2024)'],
'recovery_measures': ['Site Revival Under New Ownership (2025)',
"Public Communication via 'About Us' and "
"'Security Incident' Pages"],
'remediation_measures': ['Change of Ownership',
'Public Disassociation from Jerico '
'Pictures',
'Data Verification and Filtering '
'(Claimed by New Owners)']},
'stakeholder_advisories': ['Consumers advised to check for exposed data and '
'take protective measures (e.g., password changes, '
'2FA, identity monitoring).',
'Warning about phishing attempts impersonating '
'vendors or leveraging breach urgency.'],
'title': 'National Public Data Breach (2024) and Subsequent Resurfacing',
'type': ['Data Breach', 'Data Leak', 'Unauthorized Data Scraping']}