California's privacy regulator, the California Privacy Protection Agency (CPPA), is taking legal action against National Public Data, a data broker that suffered one of the largest data breaches of 2024, exposing hundreds of millions of Social Security numbers and other personal information. The CPPA is seeking a fine of $46,000 against the company for failing to register as a data broker in the state.

The data breach, which occurred in April 2024, saw hackers steal National Public Data's databases containing sensitive information, affecting around 270 million individuals. Although much of the stolen data appeared to be inaccurate, the breach was one of the largest of its kind last year. Following the breach, National Public Data filed for bankruptcy protection, citing its inability to pay its debts. However, a Florida bankruptcy court rejected the company's petition in November 2024, leaving the door open for creditors and authorities to pursue legal action.

The CPPA's enforcement division filed a claim against National Public Data last year for failing to register with the agency as a data broker, as required by California's state rules on data protection and privacy rights, known as the California Consumer Privacy Act (CCPA). The agency is now continuing to seek the $46,000 fine from the company following the bankruptcy court's ruling. Data brokers like National Public Data collect and sell individuals' personal information, such as location data, for profit, and those operating in California were required to register with the CPPA by January 31, 2024, or face fines of up to $200 per day.

National Public Data registered with the CPPA on September 18, 2024, more than seven months after the deadline, and only did so after the agency's enforcement officials contacted the company. The CPPA's action against National Public Data is its sixth enforcement effort against a data broker since its inception, with the previous five actions ending in settlement agreements. The regulator's move highlights the importance of data brokers complying with privacy regulations and protecting sensitive information.

The CPPA's enforcement action against National Public Data serves as a warning to other data brokers operating in California, emphasizing the need for compliance with state privacy rules. As the agency continues to pursue legal action against National Public Data, it remains to be seen how the case will unfold and what implications it may have for the data brokerage industry as a whole.

Salvatore Verini, the owner of Jerico Pictures, the parent company of National Public Data, did not respond to a request for comment on the matter. The case is a significant development in the ongoing efforts to protect consumer privacy and hold data brokers accountable for their actions.