The affected company, MC2 Data, provides background check services. The company collects, organizes and analyzes data from a vast range of public sources, such as criminal records, employment histories, family data and contact details. (Related: Massive DATA BREACH exposes personal data of 700 million users of Microsoft-owned LinkedIn.)
MC2 Data and similar companies use the gathered information to make complete profiles that are used by employers, landlords and other entities who depend on them for decision-making and risk management.
MC2 Data owns multiple background check websites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearchUSA.
Cyber News reported that the total number of people affected by the data breach is 106,316,633. MC2 is being accused of leaving a database with 2.2 terabytes worth of information without a password and readily accessible on the open web, raising serious concerns regarding the ability of MC2 Data to protect the privacy and safety of people it conducts background searches on.
People and organizations needing background checks have also been exposed to data breach
People and organizations who require background check services from MC2 Data have also been exposed. The data of 2,319,873 users subscribed to MC2 Data services was also leaked.
The leaked data includes names, emails, IP addresses, encrypted passwords, payment information, home addresses, dates of birth, phone numbers, property records, legal records, employment history and even the data of their family, relatives and neighbors.
One of Cyber News' security researchers, Aras Nazarovas, pointed out that these problems have plagued the background check industry for years.
"Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims," Nazarovas said. "While background-check services keep trying to prevent such cases, they haven't been able to stop such use of their services completely. Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively."
As stated by Cyber News researchers, the MC2 Data subscribers could be high-value targets for cybercriminals. These subscribers could be employers, landlords, law enforcement and similar entities. "If anyone else accessed this information, it could spark conflicts in some communities and organizations," Nazarovas said.
According to Thomas Richards, associate principal consultant at Synopsys Software Integrity Group, the scale of the breach exposes affected people to a range of future risks.
"Anyone affected by this breach needs to reset their password immediately on any site where it had been used before," Richards said. "MC2 customers need to be extra careful of any sudden and urgent requests to take unusual action, as they could be phishing attempts. The attackers have a lot of information that can be used to create attacks that will appear valid, which the customers need to be extra cautious about."
Background check corporations like MC2 Data hold on to massive stores of sensitive information, making them appealing targets for hackers. Late last year, cybercriminals stole about 2.9 billion personal data records from background check company National Public Data. The data included names, email addresses, phone numbers, mailing addresses and Social Security numbers.
Follow PrivacyWatch.news for more stories like this.
Watch the video below to learn more about the massive data breach of American Social Security numbers that happened on August 17.
This video is from the alltheworldsastage channel on Brighteon.com.
More related stories:
AT&T’s MASSIVE data breach affects 73 MILLION previous and current customers.
Data breach in Indonesian COVID-19 tracking app exposes data of over 1 million people.
Xfinity notifies customers of data breach due to "software vulnerability."
Sources include:
Please contact us for more information.
