Cyber Threat Radar – Approximately one-third of the population in the United States may have had their personal information compromised due to a data leak at the background check company MC2 Data.
MC2 Data conducts its verification processes by gathering information from various sources, such as criminal records, employment history, familial information, and contact details. This collected data is utilized to develop individual profiles, which are subsequently marketed to landlords and employers.
MC2 Data Operates Several Websites
The company operates several websites, including PrivateReports, PeopleSearcher, PrivateRecords.net, PeopleSearchUSA, and ThePeopleSearchers,
The leaked data included:
- Name
- Date of birth
- Home address
- Email and phone number
- Family, relatives, neighbors’ data
- IP address
- User agents
- Encrypted passwords
- Partial payment information
- Property records
- Legal records
- Employment history
Some client information related to background checks was also compromised. The breach is thought to have resulted from human error, as 2.2TB of data was left unprotected and readily available to anyone online.
Background Verification Companies Are Appealing Targets For Cybercriminals
Given that background check companies possess highly sensitive information, it is understandable that they could be appealing targets for cybercriminals.
“Individuals impacted by this breach should promptly change their passwords on all platforms where they were previously utilized,” commented Tim Royston-Webb, CEO, SentryBay. “MC2 customers must exercise heightened vigilance regarding any unexpected and urgent requests for unusual actions, as these may be phishing attempts. Cybercriminals can use the leaked data to facilitate the creation of seemingly legitimate attacks, necessitating increased caution from customers.”
Proven Protection Against Infostealer Malware
Considering this massive data leak, SentryBay stands ready to help background verification companies with their cyber defense postures. SentryBay’s Armored Client is the OEM at the heart of Citrix App Protection, and is now proven protection against infostealer malware for Microsoft AVD and W365 endpoints. The solution utilises endpoint access isolation in a manner which does not impact on performance and includes Keylogging and Screen Capture protection.