[ad_1]
Cybersecurity firm Malwarebytes reveals that a cybercriminal group has exposed a database housing the criminal records of 70 million U.S. citizens.
The compromised information includes names, birth dates, aliases, addresses, arrest details, conviction dates, sentences and more.
Those with past convictions may find this leak particularly concerning.
RECEIVE SECURITY UPDATES AND EXPERT ADVICE — SUBSCRIBE TO KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE
An In-depth Examination of the Data Breach
The announcement of this massive data leak was initially made on the blog of Malwarebytes, who although do not seem to have direct access to the database, were able to provide substantial details about the incident and the perpetrators behind it.
The malicious groups EquationCorp and USDoD are believed to be behind the significant data breach which led to the online leak of the criminal record database containing 70 million entries. This database contains comprehensive information on millions of Americans who have had interactions with the U.S. justice system from 2020 to 2024.
After reaching out to Malwarebytes, we had the opportunity to talk with their security researcher, Pieter Arntz, he informed us that they were able to acquire a small sample of the leaked criminal records. These records provide a snapshot of specific incidents, and each entry directly relates to an arrest or case rather than depicting the complete chain of crimes by an individual.
The source of this database is still unclear. However, the hacker group USDoD, renowned in their field, is associated closely with “Pompompurin,” the operator of BreachForums, which was the original site of the data leak. Malwarebytes observes that USDoD intends to set up a successor to the subsequently shutdown version of BreachForums, and their dissemination of the database could serve to attract new users.
This same hacker is speculated to also have a hand in a data breach at TransUnion where some data was dumped in September 2023.
What are the Implications of this Data Leak?
For anyone who has ever crossed paths with the law previously, it’s likely that a variety of information you shared with law enforcement is now freely floating on the internet. The exposure of such an exhaustive criminal database could hold significant ramifications for law enforcement, legal proceedings, and the individuals enlisted within the dataset.
The hackers responsible for the leak may be looking to reap quick profits by selling your data to malevolent individuals on the dark web or fool you by pretending to be an entity you trust or a legitimate company to trick you out of your money.
This enormous amount of data can also be used by harmful players to threaten, harass and blackmail people with previous records, similar to the Ashley Madison breach in July 2015 where a hacker group dubbed “The Impact Team” infiltrated the user data of Ashley Madison, a commercial website encouraging extramarital affairs. The hackers copied personal information from the user base and threatened to expose users’ names and personal details unless Ashley Madison shut down immediately.
Six Defensive Steps to Protect Yourself From a Data Breach
If you believe you’ve been affected by this data leak, here are some precautionary steps to safeguard your personal data and privacy.
1. Invest in identity theft protection: If there’s a probability that your personal data has been compromised, fraudsters might attempt to impersonate you to gain access to your personal information. One of the best ways to protect yourself from this type of fraud is to subscribe to an identity theft protection service.
2. Initiate a fraud alert: Reach out to one of the three principal credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more challenging for identity thieves to open new accounts under your name without mandatory verification.
3. Beware of phishing attempts: Stay alert regarding emails, calls, or messages from unfamiliar sources asking for personal information. Refrain from clicking on dubious links or providing sensitive information unless you can validate the authenticity of the request.
4. Check Social Security benefits: Frequently checking on your Social Security benefits is critical to ensure they have not been tampered with, thereby safeguarding your financial security and avoiding potential fraud.
5. Invest in removal services: While no such service guarantees absolute removal of your data from the internet, having a removal service is advisable for periodic monitoring and automating data removal from hundreds of sites over an extended period. Check out my top picks for removal services here.
6. Change your password: Merely changing your password can render a stolen password useless to those who steal it. Choose a robust password — one you don’t use elsewhere. Alternatively, consider allowing a password manager to create one for you.
Kurt’s Crucial Takeaway
The ability of perpetrators to leak such a substantial amount of data points towards severe loopholes in government systems. These issues must be addressed to fend off data breaches like this from revealing people’s personal information. Considering the present absence of any governmental advisory, it’s up to you to take these matters into your own hands. Be exceptionally careful of identity theft and targeted phishing attacks.
Want to share with us your data breach experience? If yes, what preventive measures did you take to protect your personal data? Let us know by writing to us at Cyberguy.com/Contact
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Reach out to Kurt with your questions or suggest stories you want us to cover.
Keep up with Kurt on his social channels:
Here are the answers to the most-asked questions by CyberGuy:
Copyright 2024 CyberGuy.com. All rights reserved.
[ad_2]
