One-third of the US population’s background info is now public


Cybernews exclusive research has revealed that a massive data leak at MC2 Data, a background check firm, affects a staggering amount of US citizens.

MC2 Data and similar companies run public records and background check services. These services gather, compile, and analyze data from a wide range of public sources, including criminal records, employment history, family data, and contact details.

They use this information to create comprehensive profiles that employers, landlords, and others rely on for decision-making and risk management.

ADVERTISEMENT

Websites that MC2 Data operates include:

  • PrivateRecords.net
  • PrivateReports
  • PeopleSearcher
  • ThePeopleSearchers
  • PeopleSearchUSA
mc2 data leak
Source: Cybernews

Despite dealing with staggering amounts of sensitive data, it is not always kept secure. On August 7th, the Cybernews research team uncovered that the company left a database with 2.2TB of people’s data passwordless and easily accessible to anyone on the internet.

What was likely to be a human error exposed 106,316,633 records containing private information about US citizens, raising serious concerns about privacy and safety. Estimates suggest that at least 100 million individuals were affected by this massive data leak.

People and organizations needing background checks have also been exposed, as the data of 2,319,873 users who subscribed to MC2 Data services was leaked.

Leaked data included:

  • Names
  • Emails
  • IP addresses
  • User agents
  • Encrypted passwords
  • Partial payment information
  • Home addresses
  • Dates of birth
  • Phone numbers
  • Property records
  • Legal records
  • Property records
  • Family, relatives, neighbors data
  • Employment history
ADVERTISEMENT

Putting countless individuals at risk

Businesses that operate public records and background check services are subject to strict regulations. They need to comply with various federal, state, and local regulations to ensure that their operations are legal and that individuals' data is protected.

The leak, which our team uncovered, raises concerns about how such entities manage and protect sensitive data. The exposure of a large volume of personally identifiable information (PII) violates privacy and puts countless individuals at risk of identity theft and other malicious attacks. Meanwhile, MC2 Data faces potential reputational damage and legal action.

“Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims,” said Aras Nazarovas, a Cybernews security researcher.

“While background-check services keep trying to prevent such cases, they haven't been able to stop such use of their services completely. Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively.”

According to Cybernews researchers, the leaked subscribers' information is also troublesome, as they could be high-value targets for cybercriminals. These subscribers could be employers, landlords, law enforcement, and similar entities.

“If anyone else accessed this information, it could spark conflicts in some communities and organizations,” adds the researcher.

Cybernews reached out to MC2 Data multiple times but received no response. At the time of publishing, access to the database had been secured.

Updated on September 25th to include the date the leak was discovered and details about its closure.

mc2 data leak
Source: Cybernews
ADVERTISEMENT

ADVERTISEMENT

Comments

Igor
prefix 9 days ago
It would be a small amount of justice if this data breach also included the background information of the people running MC2 Data.
Leave a Reply

Your email address will not be published. Required fields are markedmarked