Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label National Public Data. Show all posts
USDoD
Data Breach InfraGard National Public Data US Citizen USDoD

Brazil's Federal Police Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

 

Brazil's Polícia Federal arrested USDoD, an infamous hacker linked to the National Public Data and InfraGard breaches, as part of "Operation Data Breach". USDoD, dubbed EquationCorp, has a long history of high-profile data breaches in which he stole data and often posted it on hacking forums, mocking the victims. 

These breaches include those on the FBI's InfraGard, a threat intelligence sharing platform, and National Public Data, which exposed the private data and social security numbers of hundreds of millions of US citizens online. 

Things became worse for the threat actor when he targeted cybersecurity firm CrowdStrike and revealed the company's internal threat actor list. Soon after leaking the IOC list, Brazilian publisher Techmundo received an anonymous CrowdStrike report that reportedly identified, or doxed, the threat actor, figuring out the perpetrator as a 33-year-old Brazilian called Luan BG. 

Interestingly, USDoD verified that CrowdStrike's information was accurate in an interview with HackRead and stated that he was currently living in Brazil. "So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack," USDoD told HackRead. 

Brazil's Polícia Federal (PF) confirmed his arrest in Belo Horizonte/MG earlier this week, most likely with the use of this intelligence. 

"The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the systems of the Federal Police and other international institutions," according to a news release issued by the PF.

A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.

The prisoner boasted on websites that he had exposed sensitive data belonging to 80,000 members of InfraGard, a partnership between the Federal Bureau of Investigation (FBI) and private critical infrastructure companies in the United States of America. He claimed to be the mastermind of multiple cyber invasions that were carried out in multiple nations.

Ironically, the arrest was carried out as part of a law enforcement action known as "Operation Data Breach," which the police said was called after the threat actor's known cyber attacks.
Read more »
United States
Data Breach MC2 data National Public Data Sensitive data United States

Massive Data Breach Exposes Personal Info of Millions of Americans

 



One-third of all the Americans' information has been leaked by a background check company in the United States due to a disturbing data breach report. MC2 Data, which is one of the largest providers of background checks in the US, has left an enormous database unchecked online, putting millions of people's sensitive information at risk.

According to a Cybernews report from 23 September, this was first found out when MC2 Data left 2.2 TB of personal data open for anyone on the internet. This translates to over 106 million records about individual entities, which it claims may have affected the privacy of more than 100 million individuals. More than 2.3 million users' record details are also compromised; they had also asked for background checks, and their details were now open to the public.


Potential Effects of the Leaks

Comments by Aras Nazarovas, Cybernews security researcher: "These leaks are quite concerning, thinking of all the possible aftermaths which will not only result in extra problems always connected with identity theft, but may also involve numerous communities and organisations in battles-the cybercrime attackers commonly draw on background checks for such detailed personal information to prepare for attacks on individuals or groups.".

Background check services, intended to enhance security, have themselves not gone scot-free from cyber attacks and threats. The magnitude of the leakage can form a treasure trove of malicious users who can now access sensitive information more easily while still incurring less risk in perpetuating cyber attacks. Such leakage may underlie long-term trends in which personal data will be insecure in a society that increasingly digitalizes.


A Persisting Industry Problem

To the dismay of privacy advocates, this is not the first major breach involving a background check company. In August 2024, National Public Data, another giant in the background check sector, disclosed that it had suffered a breach exposing 2.7 billion public records. The compromised data included sensitive details such as names, social security numbers, email addresses, phone numbers, and birth dates.

It was reported that the leak at National Public Data started in December 2023, but the leaked data was published in April 2024. Cybersecurity specialists warn that such sensitive information being free for all to access increases the risk of more cyber attacks on people whose sensitive data have been leaked.

 

Consumer Watchdogs Raise the Alarm

In light of such repeated breaches, the consumer watchdog director for the U.S. Public Interest Research Group, Teresa Murray, said that this is indeed an extremely serious issue. Talking to ASIS International, Murray pointed out that due to its scale, what happened in the National Public Data breach makes it even more frightening compared to similar breaches. She said that people should view this as a "five-alarm wake-up call" to start taking their data security seriously.

Both those breaches are harsh reminders about the vulnerabilities that exist in the background check industry and the necessity of further security measures. Individuals are encouraged to monitor their personal information on a regular basis and take proactive steps about protecting them from identity theft and other forms of cybercrime.


What Needs to Be Done

Amid this swelling tide of data breaches, companies involved in handling sensitive information - such as firms conducting background checks - must be more attentive to their cybersecurity. Better data protection practices and more robust encryption and authentication systems can minimise this risk very well. In addition, individuals need to be vigilant as well. They must monitor each suspicious activity related to their personal information at regular intervals.

These breaches underscore the need for better regulations and also more oversight of operations that house large amounts of personal data. Unless further security is achieved, millions of Americans will remain vulnerable to danger from poor data protection.

Most recently, information fraud related to MC2 Data and National Public Data placed the identities of millions of Americans at risk of identity theft and other cybercrimes. Therefore, such cases occur frequently, and it is time for the business world and consumers to take data security seriously to prevent sensitive information from falling into the wrong hands.


Read more »
National Public Data
CyberCrime Cyberhacerks Cybersecurity Cyberthreats Data Breach National Public Data

Massive Data Breach Worsens as New Details Emerge Across US, UK, and Canada

 


Several days ago, the company whose data breach could have potentially exposed all Americans' Social Security numbers to identity thieves confirmed that they were victims of a data breach, stressing that they obtained even more sensitive data than previously reported. As a result, almost 2.7 billion personal records of Americans have been disclosed on a hacking forum, revealing the names, social security numbers, all known addresses, and possible aliases of people in the United States. Data supposedly comes from National Public Data, which is a government database. 

To furnish background checks, and criminal records, in addition to helping private investigators and lawyers to determine the truth of a suspected crime, this company collects and sells the access to personal data. According to reports, National Public Data takes this information from public sources to compile the profiles of individuals living in the US and other countries to facilitate their shopping and travel. 

According to reports, the data was collected from a company called National Public Data, and it contains information such as social security numbers for US citizens and other details that might be of interest to them. The information contained in this statement is typically used by private investigators and others in the background check and legal process. It was reported on National Public Data's site in April 2024 and summer 2024 that a "Security Incident" notice had been posted on its website regarding potential data leaks that may have occurred in April or summer of 2024. 

According to a class action lawsuit filed in the U.S., the company claimed the breach involved a third party hacking into data in late December 2023, and that the breach took place on December 19, 2023. USDoD, the hacking group, claimed in April that it had stolen personal information from National Public Data from 2.9 billion people. Proceedings were held at the District Court in Fort Lauderdale, Florida. 

X published a post on a popular hacker forum in which this hacker group offered to sell data from the United States, Canada, and the United Kingdom for $3.5 million, citing the fact that the data came from many countries. A hacker was reported to have tried selling the data, initially rumored to contain 2.9 billion records, for $3.5 million according to Bleeping Computer, a website dedicated to computer security. 

A hacker reported that the hacking breach encompasses thousands of records belonging to everyone living in the countries affected by this breach. Despite the positive aspects of the breach, it does highlight serious concerns about the security of personal information and highlights how important it is to protect this information.  Approximately 2.7 billion plaintext records have been exposed in the two massive text files totaling 277GB which represent a breach of privacy. 

In comparison, the US Department of Defense originally estimated that there were 2.9 billion records in its database, which is a significant decrease. As a result of the leak, sensitive information about individuals, such as names, addresses, and social security numbers, has been exposed. It is also possible to find some records containing additional information, such as alternative names for individuals that appear on the record. 

Some reports mentioned that several incidents where individuals' personal information has been compromised, including those who are deceased in the past few days, and who have confirmed that they were affected by the breach. It is important to make a point that none of the data in this system is encrypted, which makes misuse and identity theft even more likely. 

There are two types of records - ones that contain information about a person - that include their name, mailing address, and social security number, while others may include additional information, such as a person's past addresses, or other names associated with that person. A significant data breach has recently come to light, affecting millions of individuals across the United States, the United Kingdom, and Canada. The scope of this breach is far more extensive than initially anticipated. Notably, none of the compromised data was encrypted, leaving sensitive information vulnerable to exploitation. In the past, leaked samples from this breach included phone numbers and email addresses. 

However, these particular details are absent from the most recent leak, which involves a staggering 2.7 billion records. It's important to clarify that this figure does not equate to the number of affected individuals. Each person may have multiple records within the dataset, corresponding to different addresses they have been associated with over time. 

Consequently, the claim that 3 billion people were impacted by this breach is inaccurate and reflects a misunderstanding of the data. Moreover, some individuals have reported to BleepingComputer that their social security numbers were linked to other people they do not know, raising concerns about the accuracy of the information within the dataset. This suggests that not all the data is reliable and may contain errors.

Another critical aspect of this breach is the potentially outdated nature of the data. Investigations have revealed that the compromised information does not include the current addresses of the individuals affected. This suggests that the data may have been sourced from an older backup, rather than a recent database. The breach has prompted multiple class action lawsuits against Jerico Pictures, a company believed to be operating under the name National Public Data. 

The lawsuits allege that the company failed to adequately protect the personal information of millions of individuals. For residents of the United States, this breach likely means that some of their personal information has been exposed. Given that hundreds of millions of social security numbers are included in the compromised data, individuals are strongly advised to monitor their credit reports closely for any signs of fraudulent activity. If any such activity is detected, it should be promptly reported to the credit bureaus. 

 Additionally, although the current leak does not contain phone numbers and email addresses, these details were included in previous breaches. Therefore, individuals should remain vigilant against phishing attempts and SMS scams that may try to exploit the situation by tricking them into revealing further sensitive information. This breach serves as a stark reminder of the importance of data security and the potential consequences when companies fail to protect the personal information entrusted to them.
Read more »
Subscribe to: Posts (Atom)