Nearly a third of the US population appears to have had their private information leaked due to a security breach by a major background check company.
The company MC2 Data left roughly 2.2 terabytes of information easily accessible on the open web without even password protection, according to cybersecurity researchers who discovered the breach.
MC2 Data, they noted, owns several background check sites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearchUSA.
This shocking privacy breach comes amid a summer of catastrophic leaks, including the July “RockYou2024” Independence Day leak, which exposed a staggering 10 billion passwords to cybercriminals, and a massive breach of Social Security numbers in the United States.
Background check firm MC2 Data left roughly 2.2 terabytes of data easily accessible on the open web without even password protection, cybersecurity researchers said, through “what was likely human error.”
“What was likely human error exposed 106,316,633 records containing private information about U.S. citizens,” according to Cyber Newsa cybersecurity news and investigations outlet based in Vilnius, Lithuania.
Cybernews’ Paulina Okunytė said the incident raises “serious privacy and security concerns.”
‘Individuals and organisations that require background checks have also been exposed, as data from 2,319,873 users who subscribed to MC2 Data services was leaked,’ Okunytė added.
The type of personal data included in the leak, he said, ranged from names and email addresses to more serious and private data such as encrypted passwords, partial payment information, etc.property records and legal records.
The security site noted that it had reached out to MC2 Data for comment but “has not yet received a response.”
However, one of Cybernews’ security researchers, Aras Nazarovas, noted that such issues have plagued the background check industry for years.
“Background check services have always been problematic, as cybercriminals were often able to purchase their services to collect data about their victims,” Nazarovas said.
“While background check services continue to try to prevent these cases, they have not been able to completely stop the use of their services,” he added.
‘This leak is a goldmine for cybercriminals, as it facilitates access and reduces the risk to them, allowing them to misuse these detailed reports more effectively.’
