Tonight, fear's a massive data breach may have impacted billions of people across the globe, according to a new class action lawsuit, which means social security numbers and other sensitive information could now be up for sale on the dark web. So how did this happen? A company called Jericho Pictures, which operates as national public data, is a Florida-based background check company. Npd takes data from public record databases, national and state databases, and court records. It then sells that data to a range of organizations like background check websites, investigators, app developers, and data resellers. According to the lawsuit, in April of this year, a hacking group called USDOD breached NPD systems and stole private information. The suit goes on to say in a post on the Dark Web on April eighth, USDOD claimed they stole 2.9 billion records of personal data, and we're trying to sell them for $3.5 million. That personal data includes names names, address histories, relatives, and social security numbers. In a statement on their website, NPD acknowledges the breach and says, We cooperated with law enforcement and governmental investigators and have implemented additional security measures. We reached out to NPD but did not hear back.

Since the information was posted for sale in April, other hackers have released different copies of the data, including a hacker known as Finesse, who posted the most complete version for free in in August, according to a cyber security news site, Bleeping Computer. Some good news, the database does not contain information from individuals who use opt-out services, according to the lawsuit.

This year has just been the year of the hackers.

But people on social media still panicking.

The biggest data breach, possibly in human history.

As many fear their private data is up for sale.

All right, for more on this concerning data breach and what it means for you, I want to bring in cyber Security expert, David Kennedy. David, thank you so much for joining us on this. This is huge. 2.9 billion records were in fact breached. Help us put this into context. And does that actually mean if we're talking about social security numbers, for instance, 2.9 billion social security numbers were in fact leaked?

We don't know fully if it's 2.9 billion individual records or if these are multiple reports. Now, this is a background checking company that basically looks at making I'm sure you don't have a record if you go to a job employment, but they have access to all of these national databases that can pull information on any US citizen. There's hundreds, if not thousands of these organizations, background check facilities, companies around the country. With the 2.9 billion, that number may dwindle a little bit, but it's not going to be substantially lower than that. We can pretty much assume that this is the largest data breach we've ever seen around social security numbers in the history. I was impacted by OPM, which was the data breach around classified top secret folks that are contractors or folks that were in the military. I was part of that as well. This pails in a comparison to that. This is a much larger data breach.

You have people at home right now saying, Is it me? Am I one of them? How do you find out if, in fact, you are one of them? If you find out you are, what do you do?

There's a class action lawsuit out right now for this particular area, and there's information being basically set up so you can actually go and check. It's not fully up and operational yet for checking. But I would assume 2.9 million people, there's a good chance that you're going to be on there. I mean, I would say, statistically, it's going to be in the upward of 90 percentile of US citizens that are probably impacted by this. So you should assume that your Social Security number is now compromised in British, unfortunately.

Wow, that is incredible. We reported that some people were actually safe because they took extra steps like opting out services. What are other things that people can do to protect themselves from future breaches?

Two things that are really important to note is that Social Security numbers in in general, are such a legacy piece of data. We need to move to more of a digital format, and the government really needs to be pushing for more digital ways of identifying individuals that are unique to an individual. Social Security numbers were never designed to be a security mechanism. They were designed in the '50s and '40s, and I think a lot has changed since then around technology. We need to do a better job around Social Security numbers and how we actually protect people's personal information. What you can do, though, my number one recommendation, and this is regardless of a data breach or not, is go to the three major credit bureaus, so Equifax, Experian, and TransUnion, and lock your credits in those. What happens is you just go to the website, you call them up, and they'll lock your credit. What that means is that when you go to take out a loan or you're looking at a new credit card or something like that, you have to call and you have to answer a few questions specific about yourself that you would only know.

It's very difficult for hackers to get around that. It locks your credit in place. That's one of the most protective features you can actually do.

That is a great tip and something I'm likely going to do after this podcast. It takes 10 minutes.

Thanks for watching. Stay updated about breaking news and top stories on the NBC News app or follow us on social media.