In a significant cybersecurity breach, a group of hackers has leaked a database containing the criminal records of 70 million Americans, as reported by cybersecurity firm Malwarebytes. The leaked data includes comprehensive personal and criminal details, posing a serious threat to those with past convictions.
Details of the Leak:
The leaked database contains extensive information, including full names, dates of birth, known aliases, postal addresses, dates of arrest, dates of conviction, sentences, and more. This leak is particularly concerning for anyone who has been convicted in the past, as their personal and criminal details are now exposed.
Malwarebytes disclosed the news of this data leak on its blog. The post suggests that the company did not have direct access to the leaked database but was able to provide substantial information about the incident and the threat actors involved.
The Perpetrators:
The hacking groups EquationCorp and USDoD are reportedly behind this major data breach involving the criminal record database. The breach resulted in the online leak of the database, which contains 70 million entries. These entries include comprehensive personal and criminal details of millions of Americans who had encounters with the U.S. justice system between 2020 and 2024.
Insights from Malwarebytes:
We reached out to Malwarebytes and spoke with Pieter Arntz, a security researcher at the company. Arntz informed us that they were able to obtain a small sample of the criminal records, which are specific to individual incidents. Each entry represents either an arrest or a case rather than a comprehensive compilation of all crimes committed by a single person. In other words, these records provide a snapshot of discrete legal events rather than a comprehensive overview of an individual’s criminal history.
The Source and Motive:
The exact source of this database is unknown. However, the hacker group USDoD, a major player in the field, is closely linked to “Pompompurin,” the operator of the original data leak site BreachForums. According to Malwarebytes, USDoD plans to create a successor to the second version of BreachForums, which was recently shut down by law enforcement. By releasing this database, USDoD might be trying to attract new users.
The same hacker is also believed to be involved in a breach at TransUnion, the data from which was partly dumped in September 2023.
Implications of the Leak:
The exposure of such a comprehensive criminal database could have significant implications for law enforcement, judicial proceedings, and the individuals mentioned within the dataset. The hackers who pulled off the leak might be looking to make a quick buck by selling your data to shady characters on the dark web. They might also try to con you by pretending to be someone you trust or a legit company, aiming to get their hands on some cash.
This much bulk data can also be used by bad actors to threaten, harass and blackmail people with records similar to the Ashley Madison breach. For the unaware, In July 2015, a hacker group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. These hackers copied personal information from the user base and threatened to expose users’ names and personal details unless Ashley Madison shut down right away.
Steps to Protect Your Personal Data and Privacy:
If you suspect you’ve been impacted by this data breach, follow these steps to protect your personal data and privacy:
1.Invest in identity theft protection:If you think your personal data has been leaked, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.
2.Place a fraud alert:Contact one of the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification.
3.Be cautious of phishing attempts:Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.
4.Check Social Security benefits:It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.
5.Invest in removal services:While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
6.Change your password:You can render a stolen password useless to thieves simply by changing it. Opt for a strong password — one you don’t use elsewhere. Even better, consider letting a password manager generate one for you.
The fact that threat actors were able to leak such a comprehensive amount of data suggests serious loopholes in government systems. These issues need to be addressed to prevent data breaches like this from exposing people’s personal information. As there is currently no advisory from the government, you’ll have to take matters into your own hands. Stay extra vigilant against identity theft and targeted phishing attacks.
Have you ever been a victim of a data breach? If yes, what steps did you take to protect your personal data? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
