There are companies whose entire business model is built around collecting personal data, including criminal records, employment details, addresses, and more. They use this data to offer background check services to other businesses and individuals. However, while they profit from this information, they often fail to adequately protect it. Earlier this year, the National Public Data (NPD) made headlines for failing to secure 2.7 billion records of people whose data it collected. Now, on a smaller scale, another data aggregator has exposed the personal information of 600,000 Americans.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What information leaked
As reported by Website Planet, the exposed database contained 644,869 PDF files, totaling 713.1 GB of sensitive data. These documents mainly consisted of background checks but also included court records, vehicle ownership details such as license plates and VINs, and property ownership reports. The background checks alone revealed highly sensitive personal data, including full names, home addresses, phone numbers, email addresses, employment details, information about family members, social media accounts, and criminal histories.
The worst part is that the database was left publicly accessible without password protection or encryption, allowing anyone to grab it. Anyone with the link could view and download the files. Plus, the files were named in a way that exposed personal details, using formats like “First_Middle_Last_State.PDF.” This made sensitive information visible even without opening the files.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
What you need to know about the company
The database that exposed over 600,000 records belongs to SL Data Services, LLC, an information research provider that appears to prioritize convenience over basic data security. The company operates a sprawling network of around 16 websites, including Propertyrec, which advertises real estate ownership data and property records. However, SL Data Services’ business goes far beyond property records, offering services like criminal background checks, DMV records, and even birth and death records.
While Propertyrec promotes its affordability, claiming users can search for documents for as little as $1, customer reviews paint a different picture. Many users report being unknowingly enrolled in subscription services, resulting in recurring charges instead of the promised one-time fees. This predatory business practice raises further questions about the company’s ethics and transparency.
BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
How could the leak affect people?
The exposure of sensitive personal info in this breach is a big deal for the people involved. The database has detailed data about them, and that’s basically a jackpot for cybercriminals. This kind of leak can lead to various dangerous outcomes.
For one, attackers could use this info to run phishing scams or social engineering tricks. If they know details like your job, family, or even criminal history, they can send super convincing messages to trick you into sharing even more sensitive details, like your financial info. That’s not all. Criminals could also use this leaked data to impersonate someone, applying for loans, credit cards, or other services in their name.
What really gets me, though, is that most people whose info got leaked probably won’t even find out about it unless they’re using a service to remove their data. A lot of them might not have even known they were being background-checked in the first place. For those with criminal records, this kind of leak could cause major reputational damage or lead to discrimination, even if the info is outdated or flat-out wrong.
We reached out to SL Data Services/Propertyrec for a comment but did not hear back before our deadline.
7 ways to protect yourself from data leaks
1) Remove your personal information from the internet: While no service can promise to completely erase your data from the internet, using a data removal service is one of the best steps you can take. They do the heavy lifting by actively scanning and removing your personal information from hundreds of websites. This helps protect you from scammers who may cross-reference data from breaches with other information they find on the dark web.
My top recommendation is Incogni, which has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $6.49/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
2) Be wary of mailbox communications: With your address exposed, bad actors could try to scam you through physical mail. They may impersonate companies or people you trust and send fake urgent letters about things like missed deliveries, account suspensions, or security alerts. Be skeptical of unexpected communications and verify any claims before taking action.
3) Be cautious of phishing attempts, use strong antivirus software: The leaked data could lead to phishing attacks via email, phone calls, or messages from unknown sources. Be on high alert for any requests for personal information, especially if they seem urgent or ask you to click on suspicious links. Always verify the legitimacy of any request before responding.
To protect your devices from malicious links, make sure you have strong antivirus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers:
4) Monitor your accounts: Given the scope of this breach, it’s crucial to start regularly reviewing your bank accounts, credit card statements, and other financial accounts. Keep an eye out for any unauthorized transactions and report them immediately to your bank or credit card company to prevent further damage.
5) Use strong, unique passwords: Create complex passwords for each of your online accounts and consider using a password manager to keep track of them securely.
6) Enable two-factor authentication (2FA): Implement this extra layer of security on all accounts that offer it to prevent unauthorized access.
7) Regularly update your software: Keep your operating system, apps, and security tools up-to-date to protect against known vulnerabilities.
WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
Kurt’s key takeaway
It’s alarming how many companies profit from collecting personal data, yet fail to protect it adequately. Recent breaches, including one exposing the sensitive information of 600,000 Americans, highlight this negligence. With unprotected databases containing everything from criminal records to addresses, cybercriminals have a treasure trove of information to exploit. This situation underscores the urgent need for you to take proactive steps to safeguard your privacy and demand better security practices from these data aggregators.
Should companies face stronger penalties for failing to protect personal data? Let us know in the comments.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
9 comments
companies should Most Definitely face fines and pay restitution when they fail to protect their customers information.
When are companies going to be fined, sued, or people arrested for this? It’s a different company everyday, with no consideration for how critical the data is to the owners. Why should we be the ones who have to pay & pay for our own protection when the owners are not the ones who carelessly lost it? It should be illegal for all these companies to even collect our personal data!
Enter the giveaway by signing up for my free newsletter.
yes, company’s should face stronger penalties for failing to protect your personal information. My information was stolen when my tax preparer was hacked and someone filed taxes using my tax information. I’ve done what I can to protect myself. This was very stressful to me when it happened.
Enter the giveaway by signing up for my free newsletter.
As long as there is no penalty for the company, they will not protect the data. When this happens is they give the effected people free data protection for a year. They probably get a great deal from the protection company which is cheaper than protecting the data. They should face stronger penalties that make it more expensive to leak the data than it is protect it.
Should companies face stronger penalties for failing to protect personal data? YES. Perhaps a fine of $10,000 per file per breach would get their attention.
Absolutely!!!! Companies that discover any information that can be utilized to scam anyone or anywhere should have protection on that information. If a breach is discovered, they should be penalized the same as the persons who did the scamming.
Maybe it is about time a class action suit is put on these companies, the IT department and the CEO by all the people who have been affected by these breaches & each person get $100.000.00 each & the CEO pays the taxes on it.
These companies need to be held responsible
As you wrote in your recent newsletter: “It’s alarming how many companies profit from collecting personal data, yet fail to protect it adequately.” With seemingly daily announcements of data breaches, I think strong laws are needed to hold such companies accountable. I thought about contacting my Congressman about this situation, but I could never represent the urgency and scope of this problem the way you could. Have you ever considered encouraging your representatives to introduce and pass broad national laws about this huge issue that literally destroys lives?