106 million Americans exposed as massive data leak leaves background check company reeling

Hot on the heels of the National Public Records data breach that resulted in the loss of over 2 billion records, another background check company has also suffered a leak. The company in question, MC2 Data, exposed the sensitive data of around a third of the US population – 106 million people – to the entire Internet. While data leaks are sometimes unavoidable, in this case MC2 Data takes full responsibility as a database containing 2.2 TB of personal data was left without a password.

GET SAFETY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

MC2 Data's negligence led to the data leak

Cybernews broke the story of this security incident, noting that on August 7, its research team discovered that MC2 Data had left a database containing 2.2 TB of personal data unprotected and easily accessible to anyone on the Internet.

The database contained 106,316,633 records containing private information about U.S. citizens, and Cybernews estimates that at least 100 million people were affected by this massive data breach.

The leaked data included names, emails, IP addresses, user agents, encrypted passwords, installment information, home addresses, dates of birth, phone numbers, property records, legal documents, family, relative and neighbor information, and employment history. MC2 Data even exposed data from 2,319,873 users who subscribed to its services, including individuals and organizations requiring background checks.

Cybernews

THE HIDDEN COST OF FREE APPS: YOUR PERSONAL DATA

What was the company doing with all this data anyway?

As I mentioned earlier, MC2 Data is a background checking company. It's likely the data was used to provide background check services and collect information about people for clients such as employers, landlords or organizations that needed to verify things like identity or employment history.

While such data collection is fairly standard in the background check industry, companies must adhere to strict rules. They must comply with federal, state and local regulations to ensure that their operations are legal and people's data remains protected.

“Background checking services have always been problematic because cybercriminals have often been able to purchase their services to collect data on their victims.” said Aras Nazarovas, a Cybernews security researcher.

FROM TIKTOK TO THE PROBLEM: HOW YOUR ONLINE DATA CAN BE WEAPONED AGAINST YOU

The data leak is a goldmine for cybercriminals

The world's most valuable resource is no longer oil, but data. Everyone from big tech companies to cybercriminals to small marketers are willing to pay a premium for access to this massive amount of information. The greatest concern, however, is cybercriminals who can use this data for identity theft and other malicious attacks.

Leaked subscriber information is particularly concerning, as these individuals could represent valuable targets for cybercriminals. Subscribers may include employers, landlords, law enforcement agencies, and similar entities.

MC2 Data has not yet issued a statement confirming the breach. We reached out to MC2 Data for comment but did not receive a response before our deadline.

It's time to invest in identity theft protection

Cybercriminals who have access to this data may attempt identity theft. However, with an identity theft protection service, you will be notified when you are affected. Although there are many services you can sign up for, my top recommendation is Identity Guardian.

It can monitor personal information such as your Social Security number (SSN), phone number, and email address and alert you if it is sold on the dark web or used to open an account. It can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best aspects of using it Identity Guardian is that they may include identity theft insurance up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a The US-based case manager will help you recover any losses.

CyberGuy Exclusive Offer (Save up to 52%): Get Identity Guard Ultra protection to protect your identity and credit for just $9.99/month (the lowest price ever) for the first year.

The world's largest database of stolen passwords has been uploaded to the crime forum

4 ways to protect yourself from data breaches

In addition to choosing an identity theft protection service, you can follow these tips to protect yourself from data breaches.

1) Remove your personal information from the Internet: Although no service can guarantee the complete removal of your data from the Internet, a data removal service is truly a smart choice. They're not cheap – and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to delete your personal information from the internet. By limiting the information available, you reduce the risk that fraudsters will associate breach data with the information they may find on the dark web, making it harder for them to target you.

My top recommendation is Incognitowhich has a very clean interface and searches 195 websites for your information, removes it and keeps it removed.

Specially for CyberGuy readers (60% discount): Incogni offers a 30-day money-back guarantee and then applies a special CyberGuy discount only the links in this article by $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on annual plan and get a fully automated data removal service, including recurring removal of Over 190 data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (US residents only) and have them removed from the data broker's databases. I recommend the family plan because it only costs $4.12 per person per month with year-round coverage. It's an excellent service and I highly recommend at least trying it out to find out what it's all about.

Get Incogni here

Get Incogni for your family (up to 4 people) here.

2) Be careful with voicemail communication: Criminals may also try to scam you via mail. The data leak gives them access to your address. They may impersonate people or brands you know and use topics that need urgent attention, such as: E.g. missed deliveries, account suspensions and security alerts.

3) Be careful of phishing attempts: Be alert to emails, phone calls, or messages from unknown sources requesting personal information. Avoid clicking on suspicious links or providing sensitive information unless you can verify the legitimacy of the request. The best way to protect yourself from clicking on malicious links that install malware is to install strong antivirus protection on all your devices.

My first choice is Total AVand you can get one Limited-time offer for CyberGuy readers: $19 in the first year (80% off) for the TotalAV Antivirus Pro package.

4) Monitor your accounts: For breaches of this magnitude, you must regularly check your bank accounts, credit card statements, and other financial accounts for unauthorized activity. If you notice any suspicious transactions, report them to your bank or credit card company immediately.

Kurt's key to take home

If your business model relies on collecting personal information and providing services based on that information, you must do everything you can to protect that information. This is not only a moral responsibility but also a legal obligation. MC2 Data has failed to meet this obligation, and its negligence now puts millions of Americans at risk – many of whom were unaware that their data was being collected by the company. Companies should expect strong legal action and heavy penalties for such incidents, not just a slap in the face.

What consequences do you think should arise for companies that fail to protect consumer data? Let us know in the comments below.

FOR MORE OF MY SAFETY ADVICE, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Copyright 2024 CyberGuy.com. All rights reserved. Articles and content on CyberGuy.com may contain affiliate links which may result in a commission if purchases are made.