100 million Americans just had their background check data exposed — phone numbers, dates of birth and more

An open lock depicting a data breach
(Image credit: Shutterstock)

Having to get a background check done is bad enough as it is but what if all of your personal and employment information was left exposed online for anyone to access? Well, that’s exactly what just happened for at least 100 million Americans.

Unlike with data breaches which are usually the work of hackers, data leaks occur when a company fails to properly secure the data points it has on customers or in this case, one third of the entire U.S. population.

As reported by Cybernews, its security researchers recently discovered a worrying data leak at a company called MC2 Data which operates a number of public record and background check sites including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearch USA.

Here’s everything you need to know about this massive new data leak including all of the information that was exposed along with some tips and tricks to help keep you safe from hackers trying to use this leaked info in their attacks.

Leaked background check data

Just like with other past data leaks, this one was likely the result of human error instead of hackers. Cybernews’ research team found approximately 106,316,633 records or 2.2TB of data from MC2 Data was stored in a database without a password on August 7th. This could have allowed anyone on the internet to access and download this information, including hackers.

It’s estimated that at least 100 million U.S. citizens are affected by this data leak. However, the data of 2.3 million MC2 subscribers was also leaked as a result of this database being left unprotected online.

The leaked data includes the names, email addresses, IP addresses, physical addresses, phone numbers, dates of birth, employment history, property records, legal records, employment history, encrypted passwords and even data on the families, relatives and neighbors of those affected. It appears that no financial information was leaked though.

Not only does this leaked data put affected individuals at risk but it’s also very likely that MC2 Data will face both damage to its reputation and potential legal action. We’ll update this story accordingly as we find out more on this massive data leak.

How to stay safe after a data leak

A nervous woman looking at her phone

(Image credit: Shutterstock)

Normally after a major data breach, a company will provide free access to the best identity theft protection service or at least credit monitoring to its customers. However, as MC2 Data and other background check companies have your data even though you aren’t technically a customer, that likely won’t be the case here unless a government agency intervenes.

So what could hackers do with all this leaked data? Based on the types of data that were exposed online, targeted phishing attacks are the most likely outcome. In these types of attacks, hackers use the information they have on you — which is a lot here — to craft personalized phishing emails or text messages.

You see, hackers could use these phishing messages as a way to coax more information like passwords or credit card details out of you. Likewise, they could send you malicious links or malware-filled attachments as a way to infect your computer or even your smartphone.

With all of this personal and employment information out there, my best advice is for you to be extremely careful and diligent when checking your inbox or even your messages for the foreseeable future. Look out for messages from unknown senders that try to instill a sense of urgency. However, as phone numbers were also exposed, you could be getting scam calls too.

It’s one thing for hackers to break into a company and steal its data, it’s another when a database filled with troves of personal information is left unsecured online without a password. Hopefully MC2 Data and all of the other companies that handle troves of sensitive data learn from this incident. However, I’ve written loads of stories about unsecured databases over the years, and this kind of thing just seems to keep happening.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.