There are companies whose entire business model is built around collecting personal data, including criminal records, employment details, addresses and more. They use this data to offer background check services to other businesses and individuals. However, while they profit from this information, they often fail to adequately protect it. Earlier this year, the National Public Data made headlines for failing to secure 2.7 billion records of people whose data it collected. Now, on a smaller scale, another data aggregator has exposed the personal information of 600,000 Americans.

ENDS TOMORROW: I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS
Enter by signing up for my free newsletter.

Data broker blunder: More than 600,000 sensitive files exposed in data services leak

Illustration of a hacker (Kurt "CyberGuy" Knutsson)

What information leaked?

As reported by Website Planet, the exposed database contained 644,869 PDF files, totaling 713.1 GB of sensitive data. These documents mainly consisted of background checks but also included court records, vehicle ownership details such as license plates and VINs, and property ownership reports. The background checks alone revealed highly sensitive personal data, including full names, home addresses, phone numbers, email addresses, employment details, information about family members, social media accounts and criminal histories.

The worst part is that the database was left publicly accessible without password protection or encryption, allowing anyone to grab it. Anyone with the link could view and download the files. Plus, the files were named in a way that exposed personal details, using formats like "First_Middle_Last_State.PDF." This made sensitive information visible even without opening the files.

Data broker blunder: More than 600,000 sensitive files exposed in data services leak

Illustration of a hacker (Kurt "CyberGuy" Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

What you need to know about the company

The database that exposed over 600,000 records belongs to SL Data Services LLC, an information research provider that appears to prioritize convenience over basic data security. The company operates a sprawling network of around 16 websites, including Propertyrec, which advertises real estate ownership data and property records. However, SL Data Services’ business goes far beyond property records, offering services like criminal background checks, DMV records and even birth and death records.

While Propertyrec promotes its affordability, claiming users can search for documents for as little as $1, customer reviews paint a different picture. Many users report being unknowingly enrolled in subscription services, resulting in recurring charges instead of the promised one-time fees. This predatory business practice raises further questions about the company’s ethics and transparency.

Data broker blunder: More than 600,000 sensitive files exposed in data services leak

A woman working on two computers (Kurt "CyberGuy" Knutsson)

BEWARE OF ENCRYPTED PDFs AS LATEST TRICK TO DELIVER MALWARE TO YOU

How could the leak affect people?

The exposure of sensitive personal info in this breach is a big deal for the people involved. The database has detailed data about them, and that’s basically a jackpot for cybercriminals. This kind of leak can lead to various dangerous outcomes. 

For one, attackers could use this info to run phishing scams or social engineering tricks. If they know details like your job, family or even criminal history, they can send super convincing messages to trick you into sharing even more sensitive details, like your financial info. That’s not all. Criminals could also use this leaked data to impersonate someone and apply for loans, credit cards or other services in their name.

What really gets me, though, is that most people whose info got leaked probably won’t even find out about it unless they’re using a service to remove their data. A lot of them might not have even known they were being background-checked in the first place. For those with criminal records, this kind of leak could cause major reputational damage or lead to discrimination, even if the info is outdated or flat-out wrong.

We reached out to SL Data Services/Propertyrec for a comment but did not hear back before our deadline.

7 ways to protect yourself from data leaks

1) Remove your personal information from the internet: While no service can promise to completely erase your data from the internet, using a data removal service is one of the best steps you can take. They do the heavy lifting by actively scanning and removing your personal information from hundreds of websites. This helps protect you from scammers who may cross-reference data from breaches with other information they find on the dark web. Check out my top picks for data removal services here.

2) Be wary of mailbox communications: With your address exposed, bad actors could try to scam you through physical mail. They may impersonate companies or people you trust and send fake urgent letters about things like missed deliveries, account suspensions or security alerts. Be skeptical of unexpected communications and verify any claims before taking action.

3) Be cautious of phishing attempts and use strong antivirus software: The leaked data could lead to phishing attacks via email, phone calls or messages from unknown sources. Be on high alert for any requests for personal information, especially if they seem urgent or ask you to click on suspicious links. Always verify the legitimacy of any request before responding.

To protect your devices from malicious links, make sure you have strong antivirus protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Monitor your accounts: Given the scope of this breach, it’s crucial to start regularly reviewing your bank accounts, credit card statements and other financial accounts. Keep an eye out for any unauthorized transactions and report them immediately to your bank or credit card company to prevent further damage.

5) Use strong, unique passwords: Create complex passwords for each of your online accounts and consider using a password manager to keep track of them securely.

6) Enable two-factor authentication (2FA): Implement this extra layer of security on all accounts that offer it to prevent unauthorized access.

7) Regularly update your software: Keep your operating system, apps and security tools up to date to protect against known vulnerabilities.

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Kurt’s key takeaway

It’s alarming how many companies profit from collecting personal data, yet fail to protect it adequately. Recent breaches, including one exposing the sensitive information of 600,000 Americans, highlight this negligence. With unprotected databases containing everything from criminal records to addresses, cybercriminals have a treasure trove of information to exploit. This situation underscores the urgent need for you to take proactive steps to safeguard your privacy and demand better security practices from these data aggregators.

Should companies face stronger penalties for failing to protect personal data? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Try CyberGuy's new games (crosswords, word searches, trivia and more!)

Enter CyberGuy's $500 Holiday Gift Card Sweepstakes

Kurt’s Best New Cyber Monday Deals

Copyright 2024 CyberGuy.com. All rights reserved.