this post was submitted on 07 Aug 2024
516 points (98.5% liked)

Technology

59216 readers
2512 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 176 points 3 months ago (3 children)

The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more, was stolen from National Public Data by a cybercriminal group that goes by the name USDoD. The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million. It's worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world.

What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.

What exactly makes this company so different from the hacking group that breached them? Why should they be treated differently?

[–] [email protected] 30 points 3 months ago (1 children)

I feel like that might be bad phrasing on the part of the article. They mainly aggregate public records, like legal document style public records, and they also scrapped data from not-(public record) data, which isn't the same as (not-public) record data.

I feel like I would want more details to be sure though, but scrapping usually refers to "generally available" data.

[–] [email protected] 4 points 3 months ago (1 children)

That all depends. If they're pulling that private data for use in questionnaires, the terms may not allow them to save it, but they scrape it from the form.

[–] [email protected] 2 points 3 months ago

Yeah, it definitely might still be a bad data source,and it's shady either way, just pointing out that "not public data" has a few meanings, and not all of them are synonymous with "private data".

[–] jaybone 17 points 3 months ago

Same with the big three credit reporting bureaus Equifax and whoever the fuck. Did anyone ever give them permission to horde all of their personal info? I don’t think so.

[–] [email protected] 3 points 3 months ago

All depends on the terms of use from those that provide the data to them that they scraped from. I bet they never expected a customer to do it.