Jerico Pictures Inc., a background-check company doing business as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach, a proposed class action says.On April 8, a cybercriminal group by the name of USDoD posted a database entitled “National Public Data” on a dark web forum, claiming to have the personal data of 2.9 billion people, according to the complaint filed Thursday in the US District Court for the Southern District of Florida, which said the group put the database up for sale for $3.5 million.If confirmed, the breach could be among the biggest ever, in terms of the number of individuals affected. A 2013 breach of Yahoo! compromised the data of an estimated 3 billion individuals.It’s unclear exactly when or how the breach occurred, according to the complaint, and the provider still hasn’t provided notice or warning to affected individuals as of the filing.To conduct its business, National Public Data scrapes the personally identifying information of billions of individuals from non-public sources—meaning plaintiffs didn’t knowingly provide their data to the company, the complaint said.Some of the information exposed includes Social Security numbers, current and past addresses spanning decades, full names, information about relatives—including some deceased for nearly two decades—and more, according to the complaint.National Public Data didn’t immediately respond to a request for comment.Named plaintiff Christopher Hofmann, a California resident, said he received a notification from his identity-theft protection service provider on July 24, notifying him that his data was exposed in a breach and leaked on the dark web.He accused National Public Data of negligence, unjust enrichment, and breaches of fiduciary duty and third-party beneficiary contract.Hofmann asked the court to require National Public Data to purge the personal information of all the individuals affected and to encrypt all data collected going forward. In addition to monetary relief, he also asked for a series of requirements, including that National Public Data segment data, conduct database scanning, implement a threat-management program, and appoint a third-party assessor to conduct an evaluation of its cybersecurity frameworks annually for 10 years.Kopelowitz Ostrow PA, Arnold Law Firm, and Wucetich & Korovilas LLP represent Hofmann and the proposed class.This case is Hofmann v. Jerico Pictures, Inc., S.D. Fla., No. 0:24-cv-61383, complaint filed 8/1/24.