Major data breach could mean a third of Americans have had their data leaked online
Researchers have discovered a massive data breach originating from background check firm MC2 Data, which apparently left a 2.2 TB database online without a password, freely accessible to anyone on the Internet.
The team of Cyber News says the data would have included the private information of 106,316,633 U.S. citizens, nearly a third of the country’s population. As a background check company, MC2 Data stored personally identifiable information on a range of people — including names, addresses, phone numbers, legal records, employment history and more.
The researchers suspect that the leak is the result of human error. The leak contained not only information from people who had undergone a background check, but also from more than two million users who had a subscription to M2C data services.
Insufficient protection
It’s the second major data breach at a background check company in the past two months. An August 2024 report found that National Public Data suffered a data breach that led to class-action lawsuits because the company was at risk of identity theft.
“Background checking services have always been problematic, as cybercriminals could often purchase their services to collect data on their victims,” said Cybernews researcher Aras Nazarovas. “Such a vulnerability is a goldmine for cybercriminals, as it eases access and reduces the risk for them, allowing them to more effectively abuse these detailed reports.”
The threat to subscribers whose information was exposed is particularly concerning, as they are likely to be higher-value targets, such as employers or law enforcement. With such a large number of people exposed, the breach underscores the importance of robust security and privacy practices — we’ve rounded up the best antivirus software to keep your information safe.
