Security
Headlines
HeadlinesLatestCVEs

Headline

Stolen data from scraping service National Public Data leaked online

Cybercriminals have leaked records from National Public Data, a data scraping service that provides background checks.

Malwarebytes
#web#git#perl

Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence.

The stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group by the name of USDoD.

In April, a member of this group posted the database, which contains the data of some 2.9 billion people, up for sale for $3.5 million. Then, earlier this week, the 277 GB of data was offered for download for free on the notorious BreachForums by another member of the USDoD group.

USDoD member posted links to database

The database contains records that, among others, contain the fields:

  • First name
  • Last name
  • Middle name
  • Date of Birth
  • Address
  • City
  • County
  • State
  • Zip code
  • Phone number
  • Social Security Number

The publication of the data came a few days after a complaint was filed in the US District Court for the Southern District of Florida. The complaint against Jerico Pictures Inc, trading as National Public Data, accuses the defendant of failure to properly secure and safeguard the personally identifiable information (PII) that it collected as part of its regular business practices.

Jerico Pictures is a background check company that allows its customers to instantly search their database containing billions of records. The data in these records is scraped from non-public sources without knowledge or consent. A major problem with this is that the company has no ties with the victims, so most of them will have no idea that their data has been made public.

The plaintiff filed the complaint after they found out about the breach when an identity theft protection service notified him in July that their personal information had been compromised and leaked on the dark web.

This, while apparently some of the victims have already noticed the misuse of their Social Security Numbers.

One of the requests of the plaintiff is for the court to require National Public Data to purge the personal information of all the individuals affected and to encrypt all data collected going forward.

We have voiced our objections against data brokers in the past. The same is true for data scrapers like National Public Data, because, as we have seen, breaches at these data brokers can be combined with others and result in a veritable treasure trove of personal data ending up in the hands of cybercriminals. This database by itself qualifies as such a treasure trove and it is now available to every cybercriminal out there.

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Malwarebytes: Latest News

Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)