Unveiling the Enigma: Investigating a Presumed Data Broker’s Security Breach

Attempts to confirm the source of the alleged data theft have proven inconclusive; such is the nature of the data broker industry, which gobbles up individuals’ personal data from disparate sources with little to no quality control. This alleged breach of a data broker appears to be an outlier, in part because some of the data appears genuine and some has already been verified. The proliferation and commoditization of personal data across the data broker industry also makes it more challenging to identify the source of data leaks. Even if this particular data breach remains unsolved, it shows once more that the data broker industry is out of control and poses real privacy issues to ordinary people. We couldn’t definitively solve the mystery of this data breach, but there was enough there to detail our verification efforts.

In April, a skilled hacker known for profiting from stolen data claimed a massive breach of billions of records. This breach is believed to have affected at least 300 million individuals and is considered one of the most significant data breaches of the year.

The stolen data, reviewed by TechCrunch, appears to be authentic, though not entirely perfect. This information, advertised on a prominent cybercrime forum, spans several years and includes sensitive details such as full names, past addresses, and Social Security numbers. Unfortunately, this type of data is widely available for purchase through data brokers.

Confirming the source of this alleged data theft has proven challenging, as the data broker industry lacks proper quality control measures. These companies collect and sell personal data from various sources, making it difficult to pinpoint the origin of a data leak.

The hacker behind this breach claims that the data came from a company called National Public Data. Operating as one of the largest providers of public records on the internet, this data broker claims to have access to several databases. These databases include a “People Finder” service, allowing users to search by Social Security number, name, date of birth, address, or telephone number. It also boasts a database containing data on over 250 million US citizens and a registry with details on 100 million registered voters. Additionally, it offers a criminal records database and more.

The hacker claimed that vx-underground, a well-known malware research group, has verified the accuracy and authenticity of the stolen data. According to them, they were able to find information on specific individuals, including their parents, deceased family members, and even extended relatives such as uncles, aunts, and cousins. TechCrunch also made efforts to confirm the legitimacy of the data but had mixed results.

During their own investigation, TechCrunch discovered several discrepancies in the data, including email addresses with different names that seemed unrelated to the rest of the individual’s information. However, the sample also contained sensitive information regarding well-known public figures, including a former US president.

TechCrunch provided the hacker, known as USDoD, with the names of eight individuals who consented to having their information checked, but the hacker did not return any data for these individuals. Additionally, TechCrunch contacted 100 people whose contact details were included in the sample, but only one person responded and confirmed that only some of their data was accurate.

Attempts to contact National Public Data and its founder and CEO, Salvatore Verini, were unsuccessful. After being contacted by TechCrunch, the company removed specific pages from its website that provided details on the databases it offers.

It’s not uncommon for hackers to claim data breaches that turn out to be false, especially on hacking forums. This is why cybersecurity reporters, like TechCrunch, put in extensive effort to verify these incidents, often with inconclusive results.

However, this specific data breach appears to be a rarity, considering that some of the data has been verified. The constant proliferation and commercialization of personal data within the data broker industry makes it increasingly difficult to track the source of these leaks. Even if the culprit remains unknown, this incident serves as a reminder of the unregulated, out-of-control state of the data broker industry and its potential risks to individuals’ privacy.

Unfortunately, while we couldn’t definitively solve the mystery of this data breach, our verification efforts provided enough evidence to justify our report. One thing remains evident – as long as data brokers continue to collect and sell personal information, the risk of data breaches will persist.

Max Chen

Max Chen is an AI expert and journalist with a focus on the ethical and societal implications of emerging technologies. He has a background in computer science and is known for his clear and concise writing on complex technical topics. He has also written extensively on the potential risks and benefits of AI, and is a frequent speaker on the subject at industry conferences and events.
