California’s privacy regulator is requesting a court to impose a fine on a data broker responsible for losing hundreds of millions of Social Security numbers in one of the most significant data breaches of the previous year.
The California Privacy Protection Agency (CPPA), an entity that enforces state rules regarding data protection and privacy rights in California, announced on Thursday that it is pursuing a $46,000 fine against National Public Data for not registering as a data broker within the state.
National Public Data became widely known after experiencing a data breach in April 2024, during which hackers accessed the company’s databases containing Social Security numbers and other personal information, totaling approximately three billion records and impacting around 270 million individuals. Much of this data appeared to be inaccurate. This incident was one of the largest data breaches in 2024 in terms of the number of records stolen.
Following the breach, National Public Data filed for bankruptcy protection, claiming it was unable to pay its debts. However, in November 2024, a Florida bankruptcy court dismissed the company’s petition, allowing creditors and other authorities to initiate legal action against the data broker.
The CPPA stated on Thursday that its enforcement division had initially filed a claim against National Public Data for failing to register as a data broker last year. The agency is now persisting in its effort to secure the $46,000 fine from the company after the bankruptcy court’s decision.
Data brokers, such as National Public Data, collect and sell personal information, including location data, for profit. Companies operating in California had a deadline to register with the CPPA by January 31, 2024, or face fines of up to $200 per day. According to the CPPA, National Public Data registered on September 18, 2024, more than seven months past this deadline, and only did so after being contacted by the agency’s enforcement officials.
The CPPA mentioned that its action against National Public Data is the sixth enforcement effort against a data broker since the agency’s establishment. The previous five actions concluded with settlement agreements, according to the agency.
Salvatore Verini, the owner of Jerico Pictures, the parent company of the compromised data broker National Public Data, did not respond to a request for comment.
