Massive criminal records leak exposes 70 Million Americans’ personal information

A group of cybercriminals leaked a database containing criminal records of 70 million Americans, according to cybersecurity company Malwarebytes. The leak contained people’s full names, dates of birth, known aliases, postal addresses, dates of arrest, dates of conviction, sentences, and more. This is bad news for anyone who has been convicted in the past.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

 

What happened: Detailed analysis of the incident

Malwarebytes posted the news of this data leak on its blog. The wording suggests the company didn’t have direct access to the leaked database. Still, the post revealed plenty of information about the incident and the threat actors behind the attack.

The hacking groups EquationCorp and USDoD are reportedly responsible for a major data breach involving the criminal record database. The breach, which resulted in the online leak of the database, contains 70 million entries. It includes the full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and other information of millions of Americans who had encounters with the U.S. justice system between 2020 and 2024.

We contacted Malwarebytes and spoke with Pieter Arntz, a security researcher at the company, who informed us that they were able to obtain a small sample of the criminal records, which are specific to individual incidents. Each entry represents either an arrest or a case rather than a comprehensive compilation of all crimes committed by a single person. In other words, these records provide a snapshot of discrete legal events rather than a comprehensive overview of an individual’s criminal history.

The exact source of this database is unknown. However, the hacker group USDoD, a major player in the field, is closely linked to “Pompompurin,” the operator of the original data leak site BreachForums. According to Malwarebytes, USDoD plans to create a successor to the second version of BreachForums, which was recently shut down by law enforcement. By releasing this database, USDoD might be trying to attract new users.

The same hacker is also believed to be involved in a breach at TransUnion, the data from which was partly dumped in September 2023.

 

MASSIVE DELL DATA BREACH HITS 49 MILLION USERS – WHAT THIS MEANS FOR YOUR PRIVACY AND SECURITY

 

What does this data leak mean for you?

If you’ve had a run-in with the law before, there’s a good chance that a bunch of the info you shared with law enforcement is now out there on the web. The exposure of such a comprehensive criminal database could have significant implications for law enforcement, judicial proceedings, and the individuals mentioned within the dataset.

The hackers who pulled off the leak might be looking to make a quick buck by selling your data to shady characters on the dark web. They might also try to con you by pretending to be someone you trust or a legit company, aiming to get their hands on some cash.

This much bulk data can also be used by bad actors to threaten, harass, and blackmail people with records similar to the Ashley Madison breach. For the unaware, In July 2015, a hacker group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. These hackers copied personal information from the user base and threatened to expose users’ names and personal details unless Ashley Madison shut down right away.

 

SNEAKY SPYWARE IS AFTER YOUR MOST SENSITIVE DATA  

 

6 measures to take to protect yourself from a data breach

If you suspect you’ve been impacted by this data breach, follow these steps to protect your personal data and privacy.

1) Invest in identity theft protection: If you think your personal data has been leaked, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

CyberGuy’s Exclusive Offer: Get the Identity Guard Ultra protection to protect your identity and credit through tax season and beyond for as little as $9.99/mo (lowest offered anywhere) for the first year. 

See my tips and best picks on how to protect yourself from identity theft.

Best identity theft protection services 2024

 

2) Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.

 

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls, or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. 

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Best Antivirus Protection 2024

 

4) Check Social Security benefits: It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.

 

5) Invest in removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy Readers (60% off):  Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $6.49/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers.  I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.

Get Incogni here

 

6) Change your password: You can render a stolen password useless to thieves simply by changing it. Opt for a strong password—one you don’t use elsewhere. Even better, consider letting a password manager generate one for you.

 

AT&T DATA LEAK FROM 73 MILLION CUSTOMERS – WHAT YOU NEED TO DO NEXT  

 

Kurt’s key takeaway

The fact that threat actors were able to leak such a comprehensive amount of data suggests serious loopholes in government systems. These issues need to be addressed to prevent data breaches like this from exposing people’s personal information. As there’s currently no advisory from the government, you’ll have to take matters into your own hands. Stay extra vigilant against identity theft and targeted phishing attacks.

Have you ever been a victim of a data breach? If yes, what steps did you take to protect your personal data? Let us know in the comments below. 

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Best last minute holiday gifts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you