A group of cybercriminals leaked a database containing criminal records of 70 million Americans, according to cybersecurity company Malwarebytes. The leak contained people’s full names, dates of birth, known aliases, postal addresses, dates of arrest, dates of conviction, sentences, and more. This is bad news for anyone who has been convicted in the past.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What happened: Detailed analysis of the incident
Malwarebytes posted the news of this data leak on its blog. The wording suggests the company didn’t have direct access to the leaked database. Still, the post revealed plenty of information about the incident and the threat actors behind the attack.
The hacking groups EquationCorp and USDoD are reportedly responsible for a major data breach involving the criminal record database. The breach, which resulted in the online leak of the database, contains 70 million entries. It includes the full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and other information of millions of Americans who had encounters with the U.S. justice system between 2020 and 2024.
The exact source of this database is unknown. However, the hacker group USDoD, a major player in the field, is closely linked to “Pompompurin,” the operator of the original data leak site BreachForums. According to Malwarebytes, USDoD plans to create a successor to the second version of BreachForums, which was recently shut down by law enforcement. By releasing this database, USDoD might be trying to attract new users.
The same hacker is also believed to be involved in a breach at TransUnion, the data from which was partly dumped in September 2023.
MASSIVE DELL DATA BREACH HITS 49 MILLION USERS – WHAT THIS MEANS FOR YOUR PRIVACY AND SECURITY
What does this data leak mean for you?
If you’ve had a run-in with the law before, there’s a good chance that a bunch of the info you shared with law enforcement is now out there on the web. The exposure of such a comprehensive criminal database could have significant implications for law enforcement, judicial proceedings, and the individuals mentioned within the dataset.
The hackers who pulled off the leak might be looking to make a quick buck by selling your data to shady characters on the dark web. They might also try to con you by pretending to be someone you trust or a legit company, aiming to get their hands on some cash.
This much bulk data can also be used by bad actors to threaten, harass, and blackmail people with records similar to the Ashley Madison breach. For the unaware, In July 2015, a hacker group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. These hackers copied personal information from the user base and threatened to expose users’ names and personal details unless Ashley Madison shut down right away.
SNEAKY SPYWARE IS AFTER YOUR MOST SENSITIVE DATA
6 measures to take to protect yourself from a data breach
If you suspect you’ve been impacted by this data breach, follow these steps to protect your personal data and privacy.
1) Invest in identity theft protection: If you think your personal data has been leaked, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.
up to 1 million dollars to cover losses and legal feesUS-based case manager helps you recover any losses
CyberGuy’s Exclusive Offer:
2) Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.
3) Be cautious of phishing attempts: Be vigilant about emails, phone calls, or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.
4) Check Social Security benefits: It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.
5) Invest in removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
Special for CyberGuy Readers (60% off): 175+ data brokers
6) Change your password: You can render a stolen password useless to thieves simply by changing it. Opt for a strong password—one you don’t use elsewhere. Even better, consider letting a password manager generate one for you.
AT&T DATA LEAK FROM 73 MILLION CUSTOMERS – WHAT YOU NEED TO DO NEXT
Kurt’s key takeaway
The fact that threat actors were able to leak such a comprehensive amount of data suggests serious loopholes in government systems. These issues need to be addressed to prevent data breaches like this from exposing people’s personal information. As there’s currently no advisory from the government, you’ll have to take matters into your own hands. Stay extra vigilant against identity theft and targeted phishing attacks.
Have you ever been a victim of a data breach? If yes, what steps did you take to protect your personal data? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.