Massive criminal records leak exposes 70M Americans’ personal information

A group of cybercriminals leaked a database containing criminal records of 70 million Americans, according to cybersecurity company Malwarebytes. 

The leak contained people’s full names, dates of birth, known aliases, postal addresses, dates of arrest, dates of conviction, sentences and more. 

This is bad news for anyone who has been convicted in the past.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

What happened: Detailed analysis of the incident

Malwarebytes posted the news of this data leak on its its blog. The wording suggests the company didn’t have direct access to the leaked database. Still, the post revealed plenty of information about the incident and the threat actors behind the attack.

The hacking groups EquationCorp and USDoD are reportedly responsible for a major data breach involving the criminal record database. The breach, which resulted in the online leak of the database, contains 70 million entries. It includes the full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences and other information of millions of Americans who had encounters with the U.S. justice system between 2020 and 2024.

We contacted Malwarebytes and spoke with Pieter Arntz, a security researcher at the company, who informed us that they were able to obtain a small sample of the criminal records, which are specific to individual incidents. Each entry represents either an arrest or a case rather than a comprehensive compilation of all crimes committed by a single person. In other words, these records provide a snapshot of discrete legal events rather than a comprehensive overview of an individual’s criminal history. 

The exact source of this database is unknown. However, the hacker group USDoD, a major player in the field, is closely linked to “Pompompurin,” the operator of the original data leak site BreachForums. According to Malwarebytes, USDoD plans to create a successor to the second version of BreachForums, which was recently shut down by law enforcement. By releasing this database, USDoD might be trying to attract new users.

The same hacker is also believed to be involved in a breach at TransUnion, the data from which was partly dumped in September 2023.

MASSIVE DELL DATA BREACH HITS 49 MILLION USERS — WHAT THIS MEANS FOR YOUR PRIVACY AND SECURITY

What does this data leak mean for you?

If you’ve had a run-in with the law before, there’s a good chance that a bunch of the info you shared with law enforcement is now out there on the web. The exposure of such a comprehensive criminal database could have significant implications for law enforcement, judicial proceedings and the individuals mentioned within the dataset.

The hackers who pulled off the leak might be looking to make a quick buck by selling your data to shady characters on the dark web. They might also try to con you by pretending to be someone you trust or a legit company, aiming to get their hands on some cash.

This much bulk data can also be used by bad actors to threaten, harass and blackmail people with records similar to the Ashley Madison breach. For the unaware, In July 2015, a hacker group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. These hackers copied personal information from the user base and threatened to expose users’ names and personal details unless Ashley Madison shut down right away.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

SNEAKY SPYWARE IS AFTER YOUR MOST SENSITIVE DATA

6 measures to take to protect yourself from a data breach

If you suspect you’ve been impacted by this data breach, follow these steps to protect your personal data and privacy.

1. Invest in identity theft protection: If you think your personal data has been leaked, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft. 

2. Place a fraud alert: Contact one of the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. 

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices

4. Check Social Security benefits: It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud. 

5. Invest in removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for removal services here.

6. Change your password: You can render a stolen password useless to thieves simply by changing it. Opt for a strong password — one you don’t use elsewhere. Even better, consider letting a password manager generate one for you.

AT&T DATA LEAK FROM 73 MILLION CUSTOMERS — WHAT YOU NEED TO DO NEXT

Kurt’s key takeaway

The fact that threat actors were able to leak such a comprehensive amount of data suggests serious loopholes in government systems. These issues need to be addressed to prevent data breaches like this from exposing people’s personal information. As there is currently no advisory from the government, you’ll have to take matters into your own hands. Stay extra vigilant against identity theft and targeted phishing attacks.

CLICK HERE TO GET THE FOX NEWS APP

Have you ever been a victim of a data breach? If yes, what steps did you take to protect your personal data? Let us know by writing us atCyberguy.com/Contact

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

FacebookYouTubeInstagram

Answers to the most-asked CyberGuy questions:

What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?What is the best way to stay private, secure and anonymous while browsing the web?How can I get rid of robocalls with apps and data removal services?

Copyright 2024 CyberGuy.com. All rights reserved.