California’s privacy regulator is asking a court to fine a data broker that lost hundreds of millions of Social Security numbers in one of last year’s biggest data breaches.
The California Privacy Protection Agency (CPPA), which enforces California’s state rules on data protection and privacy rights, known as CCPA, said Thursday that it is seeking a fine of $46,000 against National Public Data for failing to register as a data broker in the state.
National Public Data made headlines after a data breach in April 2024 that saw hackers steal the company’s databases containing Social Security numbers and other personal information, amounting to around three billion records affecting around 270 million individuals (though much of the data appeared inaccurate). The theft was one of the largest data breaches of 2024by the number of records stolen.
The data broker filed for bankruptcy protection following the breach as the company said it had no way to pay its debts. But a Florida bankruptcy court rejected the company’s petition in November 2024, leaving the door open for creditors and other authorities to launch legal action against the data broker.
The CPPA said Thursday that its enforcement division filed a claim against National Public Data last year for failing to register with the agency as a data broker, and is now continuing to seek the $46,000 fine from the company following the bankruptcy court’s ruling.
Data brokers collect and then sell individuals’ personal information, such as location data, for profit. Brokers that operate in California had to register with the CPPA by January 31, 2024 or face fines of up to $200 per day. National Public Data registered on September 18, 2024, more than seven months later, according to the CPPA, and only registered after the agency’s enforcement officials contacted the company.
Per the CPPA, its action against National Public Data is its sixth enforcement effort against a data broker since its inception. The previous five actions ended in settlement agreements, the agency said.
Disrupt 2025 will be here before you know it! Secure your ticket now at the lowest price of the year. From AI and startups to space, fintech, and IPOs—experience game-changing insights across five main stages, breakouts, roundtables, unparalleled networking, and so much more.
Salvatore Verini, the owner of Jerico Pictures, the parent company of the hacked data broker National Public Data, did not respond to a request for comment.
