A major data breach has been uncovered at the background check firm MC2 Data, exposing the personal information of over 100 million US citizens. The breach, caused by a misconfigured database, left 2.2TB of sensitive data accessible online without password protection. This data included full names, emails, IP addresses, dates of birth, partial payment details, and employment and legal histories.
This follows another major data leak of US citizens that we reported in July, where over 300 million records were leaked.
What Was Leaked?
The breach impacted 106 million records, revealing extensive personal details such as home addresses, phone numbers, property records, and family information. Encrypted passwords were also exposed, raising concerns about potential brute-force attacks. If these passwords are cracked, they could provide access to other accounts due to the common practice of password reuse.
Industry Impact and Security Concerns
MC2 Data operates popular background check sites like PrivateRecords.net and PeopleSearchUSA, collecting information from public sources for use by employers, landlords, and others. This breach highlights significant flaws in how background check companies manage and secure vast amounts of personally identifiable information (PII). The leak puts millions at risk of identity theft, fraud, and other cyber-attacks.
How Do Hackers Use This Data?
Hackers can exploit leaked data for various malicious activities, such as identity theft, phishing scams, and financial fraud. Personal information, especially when combined with partial payment details or employment histories, can be used to impersonate victims or launch targeted attacks.
The Importance of Monitoring
Ongoing data breach monitoring is crucial for managing personal cyber risk. While such monitoring can't prevent breaches, it can immediately alert individuals if their data has been exposed. This allows users to take prompt action, such as changing passwords, enabling multi-factor authentication, and monitoring accounts for suspicious activity. Being proactive can significantly reduce the impact of a data breach and protect against further attacks.
Stay Protected with DynaRisk
At DynaRisk, we believe everyone should have access to cybersecurity tools to protect themselves, their businesses, and their families. We partner with industries worldwide, particularly in the insurance and financial sectors, to offer our software as part of a cyber insurance policy, cyber protection programme, or employee benefit.
To learn more about our products, visit our product or solutions pages. For more information or a quick chat, contact us at info@dynarisk.com.