Massive data leak could mean one-third of Americans has data leaked online

Image Credit: Shutterstock (Image credit: Shutterstock)

Researchers have discovered a huge data leak originating from background check firm MC2 Data, which apparently left a 2.2TB database online without a password, freely accessible to anyone on the internet.

The team at Cybernews says the data is said to have included the private information of 106,316,633 US citizens, almost a third of the nation's population. As a background check company, MC2 Data held personally identifiable information on a range of people - including names, addresses, phone numbers, legal records, employment history, and more.

The researchers suggest the leak was likely caused by human error, as it contained the information not just of those who had background checks performed, but also of over two million users who had subscribed to M2C Data services.

Inadequate protections

The event is the second huge data leak from a background check company in the last two months, with an August 2024 report confirming National Public Data suffered a data breach which sparked class actions for putting many at risk of identity theft.

“Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims," said Cybernews researcher Aras Nazarovas. “Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively”

Particularly concerning is the threat to the subscribers whose information was exposed, since they are likely to be higher value targets such as employers or law enforcement. With such a huge number of people exposed, the breach underlines the importance of robust security and privacy practices - we've listed the best antivirus software to help keep your information secure.

If you suspect your data may have been stolen, take a look at our article on the best identity theft protection.

More from TechRadar Pro

Take a look at some of the best malware removal software
Intellexa hit by additional sanctions by US government
Check out our pick for best endpoint security

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.