Security researchers have uncovered a 200 million American data leak. They suspect it may have come from the US Census Bureau.
There’s a troubling new data leak that researchers have uncovered. A database that contains 800GB worth of personal data on American’s have been discovered. In it, there is personal details of about 200 million American’s. Pinpointing the origin of the leak is proving to be difficult, but they suspect that it may have come from the US Census Bureau. From TechRadar:
The records stored in the unsecured database contained the full names and titles of the exposed individuals, email addresses, phone numbers, dates of birth, credit ratings, home addresses, demographics including numbers of children and their genders, detailed mortgage and tax records and other personally identifiable information.
Based on its analysis of the database, CyberNews believes that much of the data it contained may have originated from the US Census Bureau. This is because certain codes used in the database were either specific to the bureau or are used in the bureau’s classifications.
The database in question is located in the US and was hosted on a Google Cloud server which was exposed for an unknown period. At the beginning of March, all of the records contained in the database were wiped by an unidentified party. However, the empty database is still online and is accessible without any type of authentication.
CyberNews also discovered two other folders which were unrelated to the personal records found in the main folder on the database. These folders contained emergency call logs from a fire department in the US as well as a list of 74 bike share stations that is now owned by Lyft.
While the two smaller folders did not contain any personal information, the call logs from the fire department included dates, times, locations and other emergency call metadata from as far back as 2010. These two seemingly unrelated data sets may indicate that the database was a collection of stolen data or was used by several parties simultaneously.
However, the security analysts suspect that the database belonged to a data marketing firm or a credit card company based on how the data in the main folder was structured.
So, there are even questions over whether this was the result of a data breach. If the data discovered came from a hack, it wouldn’t be unprecedented that malicious third parties failed to secure their ill-gotten gains. Last year, this exact same type of irony played out when stolen credit card marketplace, Brian’s Club, was hacked and saw 26 million stolen credit cards stolen again. If anything, the case shows just how difficult it can be to secure such information when even the hackers sometimes struggle to keep that data secure (and they likely have a financial motive to secure such data in the first place).
In the case of this recent data leak, it probably is unnerving the idea of 200 million American’s having their information randomly floating around unsecured in the digital ether. Of course, what American’s can do is keep an eye on their credit reports and look for any suspicious transactions. If they do find fraudulent activity, report it immediately to the credit card company or bank.
With a number this big, this could shape up to be one of the biggest security incidences we see all year. At the very least, it has the potential at this stage.
March has been pretty active with security incidences. Previously, we saw the TruFure data breach, the Carnival Corp data breach, the Virgin Media data leak, the Koodo data breach, and the Clearview AI data breach. Some of these incidences seem like an eternity ago, but all these incidences were reported on this site just in this calendar month alone.
Drew Wilson on Twitter: @icecube85 and Facebook.
