MC2 Data Cybersecurity Incident
MC2 Data is a public records and background check company providing services to employers, landlords, and others. Allegedly, the company operates several public record and background check platforms, such as PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers, and PeopleSearch USA. These services gather, compile, and analyze data from a wide range of public sources, including criminal records, employment history, family data, and contact details.
On August 7th, the Cybernews research team uncovered that the company left a database with 2.2TB of people’s data passwordless and easily accessible to anyone on the internet. Cybernews researchers reported that the apparently misconfigured database exposed 106,316,633 records “containing private information about US citizens, raising serious concerns about privacy and security.
The Cybernews investigation indicates that the breach may have compromised the following data types including personally identifiable information PII:
- Names
- Emails
- IP addresses
- User agents
- Encrypted passwords
- Partial payment information
- Home addresses
- Dates of birth
- Phone numbers
- Property records
- Legal records
- Property records
- Family, relatives, neighbors data
- Employment history
Cybernews acknowledged that while data from MC2 Data may have been exposed, there is no definitive evidence that it was stolen. In their statement to The Cyber Express, Cybernews clarified that their team discovered an open database and attempted to contact MC2 Data, though they received no response. The leak presented significant risks, but when their research was published, the database was secured, leaving the extent of any potential misuse uncertain.
As of September 26, 2024, MC2 Data has not publicly acknowledged the data exposure or confirmed whether the incident resulted in a data breach.
What to do if you or your vendors have active relationships with MC2 Data
All customers and individuals need to take proactive measures to protect their personal information and mitigate potential risks including:
- Monitor account activity closely for any unauthorized transactions or unusual activities
- Sign up for identity theft protection
- Be cautious of phishing attempts
Taking proactive measures is crucial to safeguard personal information and maintain security during this period of concern.
Sign up to try VISO TRUST today
Try the VISO TRUST platform for free to see the CDK Global risk advisory in the context of your TPRM program and see if it impacts your vendors or your nth parties.