The personal data of 2.9 billion people — full names, addresses going back 30 years, and Social Security Numbers — was stolen from National Public Data by a group that goes by the name USDoD:
The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million.
[…]
So how does a firm like National Public Data obtain the personal data of almost 3 billion people? The answer is through scraping which is a technique used by companies to collect data from web sites and other sources online.
What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.