Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Dave LeClair

Over 600,000 people hit in massive data breach — background checks, vehicle and property records

A hand typing at a computer in a dark room, lit up by the laptop's keyboard LEDs and red LED light.

Another background check company suffered a data breach; this time, more than 600,000 people were affected. It's a minor breach compared with the 2.9 billion people hit by the National Public Data hack, but it's still scary.

The company in question, SL Data Services, was discovered online. It was publicly exposed and not password-protected or encrypted.

Cybersecurity researcher Jeremiah Fowler discovered the breach (or lack of protection on the files). The breach contained vehicle records, court records, property ownership reports, full names, addresses, email addresses, employment details, social media accounts, phone numbers, and criminal records.

Everything was contained in PDF files, most of which were labeled "background check." There was a total of 713.1GB of files in the database.

Thankfully, the information isn't publicly available anymore, but it took a while before it was properly locked down. After the responsible disclosure notice was sent, it took a week before SL Data Services made it unavailable. A whole week is a long time to have 600,000 people have their information sitting in publicly accessible files.

Unfortunately, those with data in the breach might not even know their information was included. Since background checks are usually performed by someone else and the person being checked rarely knows which background check company was used, this could be even messier.

While social security numbers and payment information aren't included in the breach, with so much data being publicly available about the people affected, scammers can use that information to trick unsuspecting victims with social engineering attacks.

Thankfully, there's no indication that malicious actors accessed the open database or collected sensitive information, but there's no proof that they didn't. Only time will tell — if we start seeing a rise in sudden social engineering attacks, we know something happened.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.