106 million Americans exposed as massive data leak rocks background check firm

The company left a database containing 2.2TB of personal data without a password

by Kurt Knutsson

Hot on the heels of the National Public Records data breach, which leaked over 2 billion records, another background check firm has now suffered a leak. The company in question, MC2 Data, exposed the sensitive data of around one-third of the U.S. population (106 million people) to the entire internet. While data leaks are sometimes unavoidable, in this case, MC2 Data is fully responsible, as it left a database containing 2.2TB of personal data without password protection.

MC2 Data’s negligence led to the data leak

Cybernews broke the story of this security incident, noting that on August 7th, its research team discovered that MC2 Data had left a database containing 2.2TB of personal data unprotected and easily accessible to anyone on the internet.

The database contained 106,316,633 records with private information about U.S. citizens, and Cybernews estimates that at least 100 million individuals were affected by this massive data leak.

The leaked data included names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family, relatives, and neighbors’ data, as well as employment history. MC2 Data even exposed data of 2,319,873 users who subscribed to its services, including individuals and organizations needing background checks.

Image: Leaked MC2 Data database (Credit: Cybernews)

 

What was the company doing with all that data, anyway?

As I mentioned, MC2 Data is a background check firm. It was probably using the data to provide background check services, gathering information on people for clients like employers, landlords, or organizations needing to verify things like identities or employment history. 

While data collection like this is pretty standard in the background check industry, companies are required to follow strict rules. They have to comply with federal, state, and local regulations to make sure their operations are legal and that people’s data stays protected.

“Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims,” said Aras Nazarovas, a Cybernews security researcher.

 

The data leak is a goldmine for cybercriminals

The world’s most valuable resource is no longer oil but data. Everyone, from big tech companies to cybercriminals to small-time marketers, is willing to pay a premium for access to this vast amount of information. The biggest concern, however, lies with cybercriminals who can use this data for identity theft and other malicious attacks.

The leaked information of subscribers is particularly concerning, as these individuals could be high-value targets for cybercriminals. The subscribers may include employers, landlords, law enforcement, and similar entities.

MC2 Data has yet to issue a statement confirming the breach. We reached out to MC2 Data for comment but did not hear back before our deadline.

 

It’s time to invest in identity theft protection

Cybercriminals who have access to this data may attempt identity theft, but with an identity theft protection service, you’ll be notified if and when you are affected. While there are many services that you can sign up for, my top recommendation is Identity Guard.

It can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. It can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

CyberGuy’s Exclusive Offer (save up to 52%): Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year. 

4 ways to protect yourself from data breaches

In addition to opting for an identity theft protection service, you can follow these tips to protect yourself from data breaches.

1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with the information they might find on the dark web, making it harder for them to target you.

My top recommendation is Incogni, which has a very clean interface and will scan 195 websites for your information, remove it, and keep it removed.

Special for CyberGuy Readers (60% off): Incogni offers a 30-day money-back guarantee and then charges a special CyberGuy discount, available only through the links in this article, of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan. That gets you a fully automated data removal service, including recurring removal from 190+ data brokers. You can add up to 3 emails, 3 home addresses, and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.

 

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

 

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls, or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.

 

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements, and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

 

Kurt’s key takeaway

When your business model relies on collecting people’s data and providing services based on that information, you must do everything possible to protect it. This is not only a moral responsibility but also a legal requirement. MC2 Data has failed to meet this obligation, and its negligence now puts millions of Americans at risk—many of whom were unaware that their data was being collected by the firm. Companies should face strict legal actions and hefty penalties for such incidents, rather than just receiving a slap on the wrist.

What do you think should be the consequences for companies that fail to protect consumer data? Let us know in the comments below.

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   

1 comment

William September 26, 2024 - 9:43 am

Companies such as this that leave databases open for all to see should be driven out of business.
