Topics
Latest
AI
Amazon
Image Credits:Bryce Durbin/TechCrunch
Apps
Biotech & Health
Climate
Image Credits:Bryce Durbin/TechCrunch
Cloud Computing
Commerce
Crypto
go-ahead
EVs
Fintech
fund-raise
Gadgets
Gaming
Government & Policy
computer hardware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
surety
societal
Space
inauguration
TikTok
Transportation
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
video
Partner Content
TechCrunch Brand Studio
Crunchboard
meet Us
Since April , a hacker with a history of sell stolen data has claim a data severance of gazillion of records — impact at least 300 million people — from a U.S. data broker , which would make it one of the turgid allege data breaches of the yr .
The data point , construe by TechCrunch , on its own appears partially logical — if imperfect . The stolen data , which was advertised on a known cybercrime forum , allegedly date back years and include U.S. citizens ’ full names , their menage address account and Social Security numbers — data that is wide available for sale by information brokers .
But confirming the source of the alleged data point larceny has proven inconclusive ; such is the nature of the data broker industriousness , which bolt up individuals ’ personal data from disparate sources with little to no quality command .
The alleged data broker in interrogative , allot to the hacker , is National Public Data , which bills itself as “ one of the biggest provider of public records on the Internet . ”
On its prescribed website , National Public Data claimedto sell access to several databases : a “ People Finder ” one where customers can search by Social Security number , name and date of birth , reference or telephone number ; a database of U.S. consumer data “ covering over 250 million individuals ; ” a database containing elector registration data that hold entropy on 100 million U.S. citizens ; a criminal records one ; and several more .
Malware research group vx - undergroundsaid on X(formerly Twitter ) that they reviewed the whole stolen database and could “ corroborate the data present in it is literal and accurate . ”
“ We research up several somebody who consented to having their entropy looked up , ” the radical wrote , adding that they were able to find those people ’s info , including names , address history work back more than three decades and Social Security numbers .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
“ It also allow us to find their parents , and nearest siblings . We were able-bodied to identify someones [ sic ] parents , gone relatives , Uncles , Aunts , and Cousins , ” vx - subway write .
TechCrunch made alike sweat to verify the authenticity of the information , with mixed results .
In our reappraisal of a small sample of five million records , we found ream of names and address that match tally public records , but also some data that does n’t always make sense — like email speech with different names that have no apparent mien on the rest of the associated individual ’s data point . Some record contained alleged information about fuck in high spirits - profile individual , admit the personal data of a former U.S. president .
TechCrunch provided USDoD , the hacker who is selling the data , with the name of eight mass who give their consent , in an endeavor to verify that the hacker in reality has licit data . The drudge did not return any data point for the eight people .
TechCrunch also reach out to a hundred people whose numbers and email were in the sampling . Only one person react , and confirmed that part of his aver steal data was accurate , but not all .
Going straight to the alleged source of the datum thievery did n’t suffice much either .
Despite several attempts to reach out to the party , National Public Data has not responded , and neither has its founder and CEO Salvatore Verini . After TechCrunch first reached out to National Public Data last hebdomad , the company choose down its website Thomas Nelson Page that let in particular on the database it sell access to .
Not all data point breaches claim by hackers , especially those advertised on hacking forums , call on out to be real . That ’s why TechCrunch and other cybersecurity reporters often drop considerable amounts of timetrying to aver a datum rupture , efforts that sometimes end up with inconclusive final result .
But this supposed breach of a data broker is likely an outlier , in part because some of the data come out genuine and some already verified .
The proliferation and commoditization of personal data across the data broker diligence also makes it more challenging to identify the source of datum wetting . And even if this peculiar data break continue unresolved , it register once more that the data point broker industry is out of control and sit real privacy issues to average multitude .
We could n’t definitively puzzle out the whodunit of this datum breach , but there was enough there to detail our confirmation cause . One affair is clear . As long as datum brokers collect personal selective information , there remains a risk that the data will get out .
