A massive data leak of some 2.7 billion records may include sensitive personal data for every person in the US, UK, and Canada. For the US, the data includes social security numbers.
The data is said to have come from a company known as National Public Data, which collects and sells personal data for use in background checks by private investigators and others …
Bleeping Computer reports that a hacker attempted to sell this data (then said to be 2.9B rather than 2.7B records) for $3.5M, stating that it contained records of every individual in each of the three countries.
Since then, there have been various partial leaks, but what is said to be a full copy of the database has now been made available for download.
The leaked data consists of two text files totaling 277GB and containing nearly 2.7 billion plaintext records, rather than the original 2.9 billion number originally shared by USDoD.
While BleepingComputer can’t confirm if this leak contains the data for every person in the US, numerous people have confirmed to us that it included their and family members’ legitimate information, including those who are deceased.
Each record consists of the following information – a person’s name, mailing addresses, and social security number, with some records including additional information, like other names associated with the person. None of this data is encrypted.
The site notes that the number is far higher than the combined populations of the three countries because there is a separate record for each address at which an individual is known to have lived.
As some of the address data is outdated, it’s believed that it may have been obtained from an old backup of the database, rather than the live version.
9to5Mac’s Take
Top comment by Fam
How are these data brokers not held liable for all these leaks? Like the top management needs to be in jail
As always, we need to remain vigilant to phishing attacks, which can be made to seem more convincing when messages include personal data.
The best way to protect yourself is to never click on links sent via email, even if they appear genuine. Always use your own bookmarks, a Google search, or type in a known URL (not the one in the email) manually.
Common ploys used by scammers are emails which claim your account is in danger of being suspended or closed; that you need to update your login details; that you need to confirm or refute an expensive purchase (a very common attack method with Apple customers); or act quickly to claim a too-good-to-be-true offer.
Photo by Benjamin Lehman on Unsplash
FTC: We use income earning auto affiliate links. More.
Comments