A data leak has exposed the personal and employment information of over 100 million Americans. The breach occurred due to a background check company's failure to secure its database, leaving millions vulnerable to exploitation.
The data leak was uncovered by security researchers at Cybernews, who discovered that a company called MC2 Data, which operates several public record and background check websites, had left a database containing approximately 106 million records or 2.2 terabytes of data completely unprotected and accessible to anyone on the internet. The information included the names, email addresses, phone numbers, physical addresses, dates of birth, employment histories, property records, legal records, and even details about the families, relatives, and neighbors of the affected individuals.
The researchers found that the database was left unsecured on August 7th, potentially allowing anyone with internet access to download and misuse the personal data. While no financial information was reported to be included in the leak, the exposure of such a vast amount of sensitive details puts the affected individuals at risk of targeted phishing attacks, identity theft, and other malicious activities.
In response to the discovery, Cybernews reported that this data leak is likely the result of human error rather than a deliberate hacking attempt. However, the consequences of this oversight could be far-reaching, as the personal information of at least 100 million U.S. citizens and 2.3 million MC2 Data subscribers has been compromised.
A data leak is the unauthorized exposure, sharing, or transfer of sensitive, protected, or confidential information. This can include personal details such as names, social security numbers, credit card information, and medical records. Data leaks may arise from various sources, including hacking, malware attacks, insider threats, or insufficient security protocols.
Yes, individuals or organizations affected by a data leak may pursue legal action to seek compensation for damages incurred due to the incident.
When a healthcare organization identifies a data leak, it should promptly contain the leak, evaluate the extent of the impact, inform affected individuals and relevant authorities, and initiate an investigation to determine the cause of the leak and implement measures to prevent future occurrences.