A group of cybercriminals leaked a database containing the criminal records of 70 million Americans, according to cybersecurity firm Malwarebytes.
The leaked information included people’s full names, dates of birth, known aliases, postal codes, arrest dates, conviction dates and sentences.
This is bad news for those with past convictions.
To get security alerts and expert tips, sign up for Kurt’s newsletter, The Cyberguy Report.
Hacker typing on keyboard. (Kurt “Cyberguy” Knutson)
What happened: A detailed analysis of the incident
Malwarebytes reported the news of the data breach: blogWhile the text of the post suggests the company did not have direct access to the leaked databases, the post still revealed a lot of information about the incident and the threat actors behind the attack.
Hacker group EquationCorp and the US Department of Defense are reportedly responsible for a massive data breach involving a criminal history database. The breach led to the database being published online, containing 70 million entries, including full names, birth dates, known aliases, addresses, arrest and conviction dates, sentences, and other information for millions of Americans involved with the US justice system between 2020 and 2024.
We contacted Malwarebytes and spoke with Pieter Arntz, a security researcher at the company, who told us that they were able to obtain a small sample of criminal records specific to individual cases. Each entry represents either an arrest or a case, rather than a comprehensive summary of all crimes committed by one person. In other words, these records provide a snapshot of individual legal events, rather than a comprehensive overview of an individual’s criminal history.
The exact origins of this database are unknown. However, a major player in this field, the hacker group USDoD, has close ties to “Pompompurin,” the operator of the original data leak site BreachForums. According to Malwarebytes, USDoD plans to create a successor site to a second version of BreachForums, which was recently shut down by law enforcement. By publishing this database, USDoD may be trying to attract new users.
The same hackers are also believed to have been involved in the TransUnion intrusion, which exposed some of the company’s data in September 2023.
A man in handcuffs. (Kurt “Cyberguy” Knutson)
Massive Dell Data Breach Affects 49 Million Users — Privacy and Security Implications
What does this data breach mean for you?
If you have had previous run-ins with the law, it is likely that much of the information you provided to law enforcement is now publicly available on the web. The public release of such a comprehensive criminal database could have significant implications for law enforcement, judicial proceedings, and the individuals referenced within the dataset.
The hackers responsible for the leak could be trying to make a quick buck by selling your data to shady actors on the dark web, or they could try to scam you into cash by posing as someone you trust or a legitimate company.
Large amounts of data could also be used by bad actors to blackmail, harass, and extort people using records similar to those in the Ashley Madison breach. For those who don’t know, in July 2015, a group of hackers calling themselves “The Impact Team” stole user data from Ashley Madison, a commercial website advertised as enabling extramarital affairs. These hackers copied personal information from the user base and threatened to make public users’ names and personal information if Ashley Madison was not shut down immediately.
What is Artificial Intelligence (AI)?
Woman working on a laptop. (Kurt “Cyberguy” Knutson)
Spyware is after your most sensitive data
6 steps to protect yourself from a data breach
If you believe you have been affected by this data breach, please follow these steps to protect your personal data and privacy:
1. Invest in identity theft protection: If you think your personal information has been compromised, scammers may try to impersonate you to gain access to your personal information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.
Identity theft companies monitor personal information like Social Security numbers (SSNs), phone numbers, and email addresses to alert you if it’s being sold on the dark web or used to open accounts. They can also help you freeze bank and credit card accounts to prevent further fraud by criminals. Check out our tips and best choices for protecting yourself against identity theft.
2. Issue a fraud alert: Contact one of the big three credit reporting agencies (Equifax, Experian, or TransUnion) and ask them to place a fraud alert on your credit file. This will make it harder for identity thieves to open new accounts in your name without verification.
Click here to get FOX Business on the go
3. Beware of phishing scams: Be wary of emails, phone calls, and messages from unknown sources asking for personal information. Don’t click on suspicious links or provide sensitive information unless you can verify the legitimacy of the request.
The best way to protect yourself from clicking on malicious links that could install malware that could access your personal information is to install antivirus protection on all your devices, which will also warn you about phishing emails and ransomware scams. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
4. Check your Social Security benefits: It’s important to regularly check your Social Security benefits to ensure they haven’t been tampered with or altered to protect your financial security and prevent potential fraud.
5. Invest in removal services: No service promises to delete all your data from the Internet, but if you want to constantly monitor and automate the process of continually deleting information from hundreds of sites over a long period of time, a deletion service can be a useful tool. Check out the moving services I recommend here.
6. Change your password. You can render a stolen password useless to a thief by simply changing it. Choose a strong password that you don’t use anywhere else. Even better, Password Manager Generated automatically.
AT&T 73 Million Customer Data Breach – What to Do Next
Important points about the cart
The fact that threat actors were able to leak such a wide range of data suggests that there are significant loopholes in government systems. To prevent such data leaks from exposing people’s personal information, these issues need to be addressed. There are no government recommendations at this time, so you will have to take action yourself. Be especially vigilant against identity theft and targeted phishing attacks.
Click here to get the FOX News app
Have you ever been a victim of a data breach? If so, what steps did you take to protect your personal information? Cyberguy.com/Contact Us
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
