Skip to main content

Massive data leak may include the personal data of every person in the US, UK, and Canada

A massive data leak of some 2.7 billion records may include sensitive personal data for every person in the US, UK, and Canada. For the US, the data includes social security numbers.

The data is said to have come from a company known as National Public Data, which collects and sells personal data for use in background checks by private investigators and others …

Bleeping Computer reports that a hacker attempted to sell this data (then said to be 2.9B rather than 2.7B records) for $3.5M, stating that it contained records of every individual in each of the three countries.

Since then, there have been various partial leaks, but what is said to be a full copy of the database has now been made available for download.

The leaked data consists of two text files totaling 277GB and containing nearly 2.7 billion plaintext records, rather than the original 2.9 billion number originally shared by USDoD.

While BleepingComputer can’t confirm if this leak contains the data for every person in the US, numerous people have confirmed to us that it included their and family members’ legitimate information, including those who are deceased. 

Each record consists of the following information – a person’s namemailing addresses, and social security number, with some records including additional information, like other names associated with the person. None of this data is encrypted.

The site notes that the number is far higher than the combined populations of the three countries because there is a separate record for each address at which an individual is known to have lived.

As some of the address data is outdated, it’s believed that it may have been obtained from an old backup of the database, rather than the live version.

9to5Mac’s Take

Top comment by Fam

Liked by 26 people

How are these data brokers not held liable for all these leaks? Like the top management needs to be in jail

View all comments

As always, we need to remain vigilant to phishing attacks, which can be made to seem more convincing when messages include personal data.

The best way to protect yourself is to never click on links sent via email, even if they appear genuine. Always use your own bookmarks, a Google search, or type in a known URL (not the one in the email) manually.

Common ploys used by scammers are emails which claim your account is in danger of being suspended or closed; that you need to update your login details; that you need to confirm or refute an expensive purchase (a very common attack method with Apple customers); or act quickly to claim a too-good-to-be-true offer.

Photo by Benjamin Lehman on Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications