MC2 Data leak Exposes 100 million+ US Citizens Data

Researchers have uncovered a massive data breach at MC2 Data, a prominent background check firm.

The breach has exposed sensitive information of over 100 million US citizens, raising serious concerns about data privacy and security.

Background Check Firms Under Scrutiny

MC2 Data is part of an industry that compiles and analyzes data from various public sources to create comprehensive profiles used by employers, landlords, and other entities for decision-making.

These profiles include criminal records, employment history, and personal contact details. Despite the sensitive nature of this data, the industry has faced criticism for not always ensuring robust security measures. 

The recent breach at MC2 Data highlights these vulnerabilities. According to Cybernews, the company left a database containing 2.2TB of data unsecured and accessible to anyone online.

This oversight exposed 106,316,633 records, potentially affecting at least 100 million individuals.

Download Free Incident Response Plan Template for Your Security Team – Free Download

Details of the Leaked Information

The leaked data includes a wide array of personally identifiable information (PII), such as names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family data, and employment history.

In addition to individual records, the breach exposed data of 2,319,873 users who subscribed to MC2 Data services.

These users include employers, landlords, law enforcement agencies, and other entities that rely on background checks. 

Cybernews security researcher Aras Nazarovas commented on the implications of the breach.

“Background-checking services have always been problematic because cybercriminals can exploit them to gather data on their victims. This leak provides cybercriminals with easier access to detailed reports.”

Regulatory Concerns and Potential Consequences

Businesses like MC2 Data are subject to strict regulations to protect individuals’ data.

This breach violates privacy and puts countless individuals at risk of identity theft and other malicious attacks.

The exposure raises questions about how such companies manage and secure sensitive information. As a result of this breach, MC2 Data now faces potential reputational damage and legal action.

The incident underscores the need for stricter compliance with federal, state, and local regulations governing the handling of public records and background check services.

The leaked subscribers’ information is particularly concerning as it could make them high-value targets for cybercriminals. “If anyone else accessed this information, it could spark conflicts in some communities and organizations,” added Nazarovas. 

The breach is a stark reminder of the vulnerabilities inherent in handling vast amounts of sensitive data. It calls for an urgent reassessment of security protocols within the industry to prevent future incidents.

The unfolding situation continues to draw attention from privacy advocates and regulatory bodies alike.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial