More than 100 million Americans may have their private information out in the world and accessible to anyone after a large company that does background checks left the data unsecured.
According to cybersecurity experts, MC2 Data placed more than 2 terabytes of data on Americans on the open internet without even a password to protect it. The company owns a number of sites that offer background checking services, such as PrivateRecords.net, PeopleSearcher, and others.
This is just the latest in a number of huge data leaks that have been announced this year. Just a few months ago a huge data leak called RockYou2024 put 10 billion passwords out into the public domain along with a huge leak of U.S. citizen Social Security Numbers.
The cybersecurity researchers focusing on the recent MC2 Data breach said the problem most likely came down to “human error.” But regardless of how it happened, the Lithuanian firm Cybernews said more than 106 million private records belonging to individuals in the U.S. are now out there for the taking.
Cybernews’ Paulina Okunytė said the privacy breach affected not only the people about whom background information was being sought, but also the firms and individuals conducting the background checks. This raises “serious concerns about privacy and safety,” she said. More than 2 million people or firms who subscribed to the sites to get background information on others also had their data exposed, Okunytė said.
Just what got leaked? What didn’t get leaked might be a better question. The leak exposed legal names, email addresses, encrypted passwords, legal documents, and at least portions of payment information like credit card numbers.
Another Cybernews researcher said this kind of breach has dogged the background check industry for a long time.
Aras Nazarovas said cybercriminals have long used background check services “to gather data on their victims.”
Cybernews warns businesses like landlords and employers, who make frequent use of background check services when deciding whether to rent or hire, that their use of the services could become known to others. This could “spark conflicts in some communities and organizations,” the firm said.