Wednesday, April 30, 2025
Homecyber securityMC2 Data leak Exposes 100 million+ US Citizens Data

MC2 Data leak Exposes 100 million+ US Citizens Data

Published on

SIEM as a Service

Follow Us on Google News

Researchers have uncovered a massive data breach at MC2 Data, a prominent background check firm.

The breach has exposed sensitive information of over 100 million US citizens, raising serious concerns about data privacy and security.

Background Check Firms Under Scrutiny

MC2 Data is part of an industry that compiles and analyzes data from various public sources to create comprehensive profiles used by employers, landlords, and other entities for decision-making.

- Advertisement - Google News

These profiles include criminal records, employment history, and personal contact details. Despite the sensitive nature of this data, the industry has faced criticism for not always ensuring robust security measures. 

Data (source: Cybernews)
Data (source: Cybernews)

The recent breach at MC2 Data highlights these vulnerabilities. According to Cybernews, the company left a database containing 2.2TB of data unsecured and accessible to anyone online.

This oversight exposed 106,316,633 records, potentially affecting at least 100 million individuals.

Download Free Incident Response Plan Template for Your Security Team – Free Download

Details of the Leaked Information

The leaked data includes a wide array of personally identifiable information (PII), such as names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family data, and employment history.

In addition to individual records, the breach exposed data of 2,319,873 users who subscribed to MC2 Data services.

These users include employers, landlords, law enforcement agencies, and other entities that rely on background checks. 

Cybernews security researcher Aras Nazarovas commented on the implications of the breach.

“Background-checking services have always been problematic because cybercriminals can exploit them to gather data on their victims. This leak provides cybercriminals with easier access to detailed reports.”

Regulatory Concerns and Potential Consequences

Businesses like MC2 Data are subject to strict regulations to protect individuals’ data.

This breach violates privacy and puts countless individuals at risk of identity theft and other malicious attacks.

The exposure raises questions about how such companies manage and secure sensitive information. As a result of this breach, MC2 Data now faces potential reputational damage and legal action.

The incident underscores the need for stricter compliance with federal, state, and local regulations governing the handling of public records and background check services.

The leaked subscribers’ information is particularly concerning as it could make them high-value targets for cybercriminals. “If anyone else accessed this information, it could spark conflicts in some communities and organizations,” added Nazarovas. 

Leaked Data (Source: Cybernews)
Leaked Data (Source: Cybernews)

The breach is a stark reminder of the vulnerabilities inherent in handling vast amounts of sensitive data. It calls for an urgent reassessment of security protocols within the industry to prevent future incidents.

The unfolding situation continues to draw attention from privacy advocates and regulatory bodies alike.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise

A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM...

China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients

A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have...

Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization

A recently discovered vulnerability in Docker Desktop for macOS is raising concerns in the developer and...

PowerDNS DNSdist Vulnerability Let Attackers Trigger Denial-of-Service

PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise

A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM...

China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients

A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have...

Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization

A recently discovered vulnerability in Docker Desktop for macOS is raising concerns in the developer and...