Data broker blunder: Over 600,000 sensitive files exposed in data services leak

3 weeks ago 6

There are companies whose entire business model is built around collecting personal data, including criminal records, employment details, addresses, and more. They use this data to offer background check services to other businesses and individuals. However, while they profit from this information, they often fail to adequately protect it. Earlier this year, the National Public Data (NPD) made headlines for failing to secure 2.7 billion records of people whose data it collected. Now, on a smaller scale, another data aggregator has exposed the personal information of 600,000 Americans.

I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS (Ends 12/3/24 12 pm PT)
Enter by signing up for my free newsletter.

A person working on a computer

What information leaked

As reported by Website Planet, the exposed database contained 644,869 PDF files, totaling 713.1 GB of sensitive data. These documents mainly consisted of background checks but also included court records, vehicle ownership details such as license plates and VINs, and property ownership reports. The background checks alone revealed highly sensitive personal data, including full names, home addresses, phone numbers, email addresses, employment details, information about family members, social media accounts, and criminal histories.

The worst part is that the database was left publicly accessible without password protection or encryption, allowing anyone to grab it. Anyone with the link could view and download the files. Plus, the files were named in a way that exposed personal details, using formats like “First_Middle_Last_State.PDF.” This made sensitive information visible even without opening the files.

A person working on a computer

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

What you need to know about the company

The database that exposed over 600,000 records belongs to SL Data Services, LLC, an information research provider that appears to prioritize convenience over basic data security. The company operates a sprawling network of around 16 websites, including Propertyrec, which advertises real estate ownership data and property records. However, SL Data Services’ business goes far beyond property records, offering services like criminal background checks, DMV records, and even birth and death records.

While Propertyrec promotes its affordability, claiming users can search for documents for as little as $1, customer reviews paint a different picture. Many users report being unknowingly enrolled in subscription services, resulting in recurring charges instead of the promised one-time fees. This predatory business practice raises further questions about the company’s ethics and transparency.

Data broker blunder Over 600,000 sensitive files exposed in data services leak

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

How could the leak affect people?

The exposure of sensitive personal info in this breach is a big deal for the people involved. The database has detailed data about them, and that’s basically a jackpot for cybercriminals. This kind of leak can lead to various dangerous outcomes. 

For one, attackers could use this info to run phishing scams or social engineering tricks. If they know details like your job, family, or even criminal history, they can send super convincing messages to trick you into sharing even more sensitive details, like your financial info. That’s not all. Criminals could also use this leaked data to impersonate someone, applying for loans, credit cards, or other services in their name.

What really gets me, though, is that most people whose info got leaked probably won’t even find out about it unless they’re using a service to remove their data. A lot of them might not have even known they were being background-checked in the first place. For those with criminal records, this kind of leak could cause major reputational damage or lead to discrimination, even if the info is outdated or flat-out wrong.

We reached out to SL Data Services/Propertyrec for a comment but did not hear back before our deadline.

7 ways to protect yourself from data leaks

1) Remove your personal information from the internet: While no service can promise to completely erase your data from the internet, using a data removal service is one of the best steps you can take. These services may be pricey, but so is your privacy. They do the heavy lifting by actively scanning and removing your personal information from hundreds of websites. This helps protect you from scammers who may cross-reference data from breaches with other information they find on the dark web.

My top recommendation is Incogni, which has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special Holiday Deal for CyberGuy Readers (65% off – lowest price anywhere):  Incogni offers a 30-day money-back guarantee and an exclusive CyberGuy discount available only through the links in this article. Pricing is just $5.24/month for an individual plan (billed annually) or $11.54/month for a family plan (up to 4 people), both providing fully automated data removal services, including recurring removal from over 190 data brokers. I recommend the family plan—it breaks down to only $2.89 per person per month for comprehensive, year-round coverage. This is an outstanding service, and I highly recommend giving it a try to see the benefits for yourself.

Get Incogni here

Get Incogni for your family (up to 4 people) here

2) Be wary of mailbox communications: With your address exposed, bad actors could try to scam you through physical mail. They may impersonate companies or people you trust and send fake urgent letters about things like missed deliveries, account suspensions, or security alerts. Be skeptical of unexpected communications and verify any claims before taking action.

3) Be cautious of phishing attempts: The leaked data could lead to phishing attacks via email, phone calls, or messages from unknown sources. Be on high alert for any requests for personal information, especially if they seem urgent or ask you to click on suspicious links. Always verify the legitimacy of any request before responding.

To protect your devices from malicious links, make sure you have strong antivirus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Holiday Special for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers:

  • Option 1:  $19 / 5 licenses (protects 5 devices)

$19 your first year (80% off) for the TotalAV Antivirus Pro package.  Includes licenses to protect 5 devices 

  • Option 2:  $14.95 / 3 devices (protects 3 devices)

$14.95 your first year (85%) for the TotalAV Antivirus Pro package. Includes licenses to protect 3 devices.

4) Monitor your accounts: Given the scope of this breach, it’s crucial to start regularly reviewing your bank accounts, credit card statements, and other financial accounts. Keep an eye out for any unauthorized transactions and report them immediately to your bank or credit card company to prevent further damage.

5) Use strong, unique passwords: Create complex passwords for each of your online accounts and consider using a password manager to keep track of them securely.

6) Enable two-factor authentication (2FA): Implement this extra layer of security on all accounts that offer it to prevent unauthorized access.

7) Regularly update your software: Keep your operating system, apps, and security tools up-to-date to protect against known vulnerabilities.

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Kurt’s key takeaway

It’s alarming how many companies profit from collecting personal data, yet fail to protect it adequately. Recent breaches, including one exposing the sensitive information of 600,000 Americans, highlight this negligence. With unprotected databases containing everything from criminal records to addresses, cybercriminals have a treasure trove of information to exploit. This situation underscores the urgent need for you to take proactive steps to safeguard your privacy and demand better security practices from these data aggregators.

Should companies face stronger penalties for failing to protect personal data? Let us know in the comments.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Read Entire Article