Following the leak, multiple class-action lawsuits were filed against Jerico Pictures Inc. for failing to secure the data. You can find technical post-mortems and security analysis of the breach on platforms like the Huntress Blog or specialized security news sites like Risky Business .
Once discovered, the data was reportedly scraped and posted to the dark web by a threat actor known as "USDoD." The hacker initially attempted to sell the database for , claiming it contained 2.9 billion records , including: Full names Social Security numbers (SSNs) Mailing addresses Phone numbers The Impact index_breached.vc.zip
The breach wasn't necessarily a complex hack but a critical oversight. A security researcher discovered that NPD had left a zip file—often identified as index_breached.vc.zip or similar variants—publicly accessible on their website. This file contained: Once discovered, the data was reportedly scraped and
The file index_breached.vc.zip is a notorious archive linked to a massive data breach involving , a background check company owned by Jerico Pictures Inc.. claiming it contained 2.9 billion records