Over 600,000 people hit in massive data breach — background checks, vehicle and property records

2 hours ago 2

A hand typing at a computer in a dark room, lit up by the laptop's keyboard LEDs and red LED light

(Image credit: Getty Images)

Another background check company suffered a data breach; this time, more than 600,000 people were affected. It's a minor breach compared with the 2.9 billion people hit by the National Public Data hack, but it's still scary.

The company in question, SL Data Services, was discovered online. It was publicly exposed and not password-protected or encrypted.

Cybersecurity researcher Jeremiah Fowler discovered the breach (or lack of protection on the files). The breach contained vehicle records, court records, property ownership reports, full names, addresses, email addresses, employment details, social media accounts, phone numbers, and criminal records.

Everything was contained in PDF files, most of which were labeled "background check." There was a total of 713.1GB of files in the database.

Thankfully, the information isn't publicly available anymore, but it took a while before it was properly locked down. After the responsible disclosure notice was sent, it took a week before SL Data Services made it unavailable. A whole week is a long time to have 600,000 people have their information sitting in publicly accessible files.

Unfortunately, those with data in the breach might not even know their information was included. Since background checks are usually performed by someone else and the person being checked rarely knows which background check company was used, this could be even messier.

While social security numbers and payment information aren't included in the breach, with so much data being publicly available about the people affected, scammers can use that information to trick unsuspecting victims with social engineering attacks.

Discover the hottest deals, best product picks and the latest tech news from our experts at Tom’s Guide.

Thankfully, there's no indication that malicious actors accessed the open database or collected sensitive information, but there's no proof that they didn't. Only time will tell — if we start seeing a rise in sudden social engineering attacks, we know something happened.

More from Tom's Guide

Scammers prey on Black Friday buyers – don't fall for fake online shops
These are the best antivirus software solutions to keep you safe from malware
This nasty Android trojan is hijacking calls to your bank and sending them to hackers

Dave LeClair is the Senior News Editor for Tom's Guide, keeping his finger on the pulse of all things technology. He loves taking the complicated happenings in the tech world and explaining why they matter. Whether Apple is announcing the next big thing in the mobile space or a small startup advancing generative AI, Dave will apply his experience to help you figure out what's happening and why it's relevant to your life.

Read Entire Article