Researchers have uncovered a massive data breach that arose from background check company MC2 Data. The company apparently left a 2.2 terabyte database, which was 106,316,633 records, publicly available on the internet without securing it with a password. More than 100 million, which is about one-third of US citizens, may have had their personal information compromised. This shocking privacy breach follows a summer of catastrophic breaches, which included the enormous US social security number hack and July’s Independence Day ‘RockYou2024,’ which gave cybercriminals access to an astounding 10 billion passwords.
MC2 Data gathers information from various sources, such as contact information, career history, criminal records, and family history, in order to conduct its checks. Employers and landlords can purchase the individual profiles created from this data and decide if someone can rent a house, work at their firm, or be granted a loan. The company operates several websites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers, and PeopleSearchUSA.
According to Cybernews, which uncovered the breach, the leaked data includes a wide array of personally identifiable information (PII), such as names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family data, and employment history.
The researchers suggest the leak was likely caused by human error because the data included the details of over two million customers who had subscribed to MC2 Data services in addition to those who had had background checks performed. According to Cybernews security researcher Aras Nazarovas, “Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims. While background-check services keep trying to prevent such cases, they haven’t been able to stop such use of their services completely. Such a leak is a goldmine for cybercriminals as it eases access and reduces risk, allowing them to misuse these detailed reports more effectively.”
Strict regulations must be applied to businesses that provide background checks and public records services. They must abide by several federal, state, and municipal laws to ensure the legality of their business practices and the security of personal information. Concerns regarding how these organizations handle and safeguard sensitive data are brought up by this disclosure. MC2 Data may be subject to legal action and damage to reputation in the interim.
