Monday, February 10, 2025
Homecyber securityMC2 Data leak Exposes 100 million+ US Citizens Data

MC2 Data leak Exposes 100 million+ US Citizens Data

Published on

SIEM as a Service

Follow Us on Google News

Researchers have uncovered a massive data breach at MC2 Data, a prominent background check firm.

The breach has exposed sensitive information of over 100 million US citizens, raising serious concerns about data privacy and security.

Background Check Firms Under Scrutiny

MC2 Data is part of an industry that compiles and analyzes data from various public sources to create comprehensive profiles used by employers, landlords, and other entities for decision-making.

These profiles include criminal records, employment history, and personal contact details. Despite the sensitive nature of this data, the industry has faced criticism for not always ensuring robust security measures. 

Data (source: Cybernews)
Data (source: Cybernews)

The recent breach at MC2 Data highlights these vulnerabilities. According to Cybernews, the company left a database containing 2.2TB of data unsecured and accessible to anyone online.

This oversight exposed 106,316,633 records, potentially affecting at least 100 million individuals.

Download Free Incident Response Plan Template for Your Security Team – Free Download

Details of the Leaked Information

The leaked data includes a wide array of personally identifiable information (PII), such as names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family data, and employment history.

In addition to individual records, the breach exposed data of 2,319,873 users who subscribed to MC2 Data services.

These users include employers, landlords, law enforcement agencies, and other entities that rely on background checks. 

Cybernews security researcher Aras Nazarovas commented on the implications of the breach.

“Background-checking services have always been problematic because cybercriminals can exploit them to gather data on their victims. This leak provides cybercriminals with easier access to detailed reports.”

Regulatory Concerns and Potential Consequences

Businesses like MC2 Data are subject to strict regulations to protect individuals’ data.

This breach violates privacy and puts countless individuals at risk of identity theft and other malicious attacks.

The exposure raises questions about how such companies manage and secure sensitive information. As a result of this breach, MC2 Data now faces potential reputational damage and legal action.

The incident underscores the need for stricter compliance with federal, state, and local regulations governing the handling of public records and background check services.

The leaked subscribers’ information is particularly concerning as it could make them high-value targets for cybercriminals. “If anyone else accessed this information, it could spark conflicts in some communities and organizations,” added Nazarovas. 

Leaked Data (Source: Cybernews)
Leaked Data (Source: Cybernews)

The breach is a stark reminder of the vulnerabilities inherent in handling vast amounts of sensitive data. It calls for an urgent reassessment of security protocols within the industry to prevent future incidents.

The unfolding situation continues to draw attention from privacy advocates and regulatory bodies alike.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...