It appears that nearly a third of the US population has experienced a security breach at a major background check company.
According to the cybersecurity researchers who discovered the leak, the company MC2 Data left approximately 2.2 terabytes of information easily accessible on the open web, without any password protection.
MC2 Data, they say, owns several background check sites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers, and PeopleSearchUSA.
This shocking breach of privacy comes during a summer of catastrophic breaches, including the “RockYou2024” Independence Day event in July, which exposed as many as 10 billion passwords to cybercriminals, and a massive breach of U.S. Social Security numbers.
Background checking firm MC2 Data left about 2.2 terabytes of data easily accessible on the open web, without even password protection, cybersecurity researchers said – through “what was likely human error.”
“What was likely human error exposed 106,316,633 documents containing private information about American citizens,” it said. Cyber Newsa cybersecurity research and news organization based in Vilniaus, Lithuania.
Cybernews’ Paulina Okunytė believed the incident raises “serious privacy and security concerns.”
‘People and organizations requiring background checks have also been exposed, as the data of 2,319,873 users who had subscribed to MC2 Data services, [also] “leaked,” Okunytė added.
The type of personal data involved in the breach, she noted, ranged from names and emails to more serious and private data such as encrypted passwords, partial payment information, prope work records and legal documents.
The security website said it had contacted MC2 Data for comment, but that “no response has yet been received.”
However, one of Cybernews’ security researchers, Aras Nazarovas, noted that these types of issues have plagued the background check industry for years.
“Background check services have always been problematic because cybercriminals could often purchase the services to collect data on their victims,” Nazarovas said.
“While background check services continue to try to prevent such cases, they have not been able to completely stop the use of their services,” he added.
‘Such a leak is a goldmine for cybercriminals, as it makes access easier and reduces the risks for them, allowing them to abuse these detailed reports more effectively.’