Cybersecurity

Background check breach exposes info of nearly one in three Americans

Leak exposes over 100 million records.
article cover

Emily Parsons

less than 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Roughly one in three Americans had their personal information exposed online after one of the country’s premier background check companies left a database exposed.

The breach was first revealed in a Cybernews research report on Sept. 23. According to the findings, public records tracker MC2 Data left a database containing 2.2 TB of data open to the internet without password protection, exposing 106,316,633 records of at least 100 million individuals. A further 2,319,873 users looking for background checks services also had their information leaked.

Check yourself. Aras Nazarovas, junior security researcher at Cybernews, said that the information exposed in the breach could have potentially negative ramifications beyond identity theft and the like. The Lithuania-based expert warned in the report that the information might “spark conflicts in some communities and organizations” and noted that background check data has often been used by cyber criminals to gather information on targets.

“While background check services keep trying to prevent such cases, they haven’t been able to stop such use of their services completely,” Nazarovas said. “A leak is a goldmine for cyber criminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively.”

Troubling trend. MC2 isn’t the first background check company to suffer a breach in the last year. National Public Data reported a breach of 2.7 billion public records in August, after records were leaked starting in April 2024 from an attack that started at least as early as December 2023. “The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es) and DOB,” the company said in a statement about the breach.

Teresa Murray, consumer watchdog director for the US Public Interest Research Group, told security professional organization ASIS International that the National Public Data breach is “much more concerning” than other attacks due to the breadth of information revealed in the leak.

“And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them,” Murray added.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B