A recent report by Cybernews has revealed a staggering data breach at MC2 Data, a prominent background check firm. The leak reportedly affects more than one-third of the United States population which compromises the personal information of over 100 million Americans.
According to the Cybernews investigation, the breach involved approximately 2.2 terabytes of data that contained over 106 million individual records. The exposed information is extensive and highly sensitive, including full names, home addresses, dates of birth, phone numbers, email addresses, property records, legal records, employment history, and even data about family members and neighbors.
MC2 Data operates several public records and background check services, including websites such as PrivateRecords.net, PrivateReports, and PeopleSearcher. These services compile and analyze data from various public sources to create comprehensive profiles used by employers, landlords, and others for decision-making and risk-management purposes.
The cause of this massive data leak appears to be human error. Cybernews researchers discovered that MC2 Data had left a database containing this sensitive information without password protection which made it easily accessible to anyone on the internet. This oversight has potentially put millions of Americans at risk of identity theft and other fraudulent activities.
The breach not only affects individuals whose personal information was exposed but also compromises the data of MC2 Data’s service subscribers. Over 2.3 million user records of individuals who had subscribed to MC2 Data’s services were also leaked, including names, email addresses, IP addresses, encrypted passwords, and partial payment information.
Aras Nazarovas, a security researcher at Cybernews, emphasized the severity of the situation. He pointed out that background-checking services have always been problematic, as cybercriminals often attempt to misuse these services to gather data on potential victims. This leak, according to Nazarovas, provides a “goldmine” for cybercriminals as it makes it easier for them to access and misuse detailed personal reports.
The potential consequences of this breach are far-reaching. Beyond the immediate risk of identity theft, the comprehensive nature of the exposed data could allow for sophisticated, targeted attacks on individuals. The leak also represents a massive violation of privacy for millions of Americans. Of particular concern is the exposure of subscriber data, as these could be high-value targets such as employers, landlords, or law enforcement agencies.
From a business perspective, MC2 Data now faces significant challenges. The company may encounter legal consequences and regulatory scrutiny for failing to protect sensitive information. Moreover, its reputation and trustworthiness in handling personal data have been severely compromised.
As of today, MC2 Data has not responded to requests for comment. It remains unclear whether the leaked data has been secured or if it continues to be accessible. The exact timeframe of the leak’s discovery and the duration of exposure were not specified in the report. As we increasingly live our lives online, protecting our personal information becomes more important than ever for our sense of security and peace of mind.