Malicious actors leak 70 million records from US Criminal database

A US criminal database supposedly containing 70 million rows of sensitive personal data has been posted on a leak forum.

The sample provided includes crime categories and offenses, such as theft, possession of meth, or burglary, together with personal details. The sample includes full names, addresses, dates of birth, aliases, conviction dates, sentences, and more.

However, the actual data, according to hackers, contains many more fields, including Social Security numbers.

The database in CSV format was posted online by a notorious threat actor, USDoD, who has seemingly migrated from the FBI-seized BreachForums to another illicit leak site. The breach itself was attributed to threat actor SXUL.

They claim that the database size is 22GB when uncompressed and 3GB when compressed, and the data spans from 2020 to 2024.

Cybernews has not yet confirmed whether the data is genuine, and the exact source of the database is still unknown.

“Needless to say, having the criminal information leaked could have a tremendous impact, not only on the listed individuals but also on the justice system,” Malwarebytes Labs warns in a blog post.

“USDoD is a high-profile player in this field, closely associated with ‘Pompompurin,’ the operator of the first iteration of data leak site BreachForums. USDoD is said to have plans to set up a successor to the second iteration of BreachForums, which was recently seized by law enforcement. Releasing this database may be USDoD’s way to round up some interested users,” Malwarebytes Labs said.

Following the BreachForums seizure, USDoD announced a new, rebranded version of a hacker marketplace called “Breach Nation.”