Hackers have leaked the criminal records of millions of Americans online — how to stay safe

An open lock depicting a data breach
(Image credit: Shutterstock)

Having a criminal record is bad enough as it is but what if information about your arrest, conviction and even your personal info was out there on the web for anyone to find? Well, that’s exactly what just happened to 70 million Americans.

According to a new blog post from Malwarebytes, a group of hackers who go by the names EquationCorp and USDoD have managed to steal and then leak a huge criminal record database online.

The database itself contains 70 million rows and includes the full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences and more of millions of Americans who had a run-in with the U.S. justice system between 2020 and 2024. 

In an email to Tom's Guide, a Malwarebytes's Pieter Arntz explained that "every record appears to be just one crime, or one arrest, as opposed to a record of all of the crimes of an individual person" which could be good news for those with lengthy rap sheets.

At this time, the exact source of the database is unknown, though we do know a bit about the hackers behind this leak. USDoD is a high-profile hacker group that has close ties to “Pompompurin” who ran the first version of the data leak site BreachForums. While that site has since been seized by law enforcement and shut down, the group was planning to create a successor to it. 

Malwarebytes’ researchers think that by releasing this new trove of leaked data, USDoD could be trying to stir up interest among other cybercriminals in their new data leak site. We’ll have to wait and see if this is the case but either way, here’s what you need to know if your criminal record data was exposed in this new leak.

How to stay safe after a data breach

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

Normally after a data breach of this magnitude, the companies involved would provide affected customers with free access to the best identity theft protection services. However, as this is the U.S. government we’re dealing with after all, that likely won’t happen. As such, you’re going to need to take matters into your own hands when it comes to protecting yourself from hackers and other cybercriminals misusing your criminal record data.

Since names, dates of birth, addresses and more were exposed in this data breach, there’s a lot hackers can do with your stolen information. From identity theft to targeted phishing attacks, you need to be extra vigilant online going forward. This means checking your bank statements for abnormalities and carefully scrutinizing any email from an unknown sender that ends up in your inbox. At the same time, scammers could try to reach you via mail since they do have your address.

As you could be exposed to malware and other viruses distributed through phishing emails, you want to make sure you’re using the best antivirus software on your PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your smartphone.

To see if your criminal record or other personal data has been exposed online, you can use Malwarebytes' own digital footprint scan, though there are other similar tools online, with Troy Hunt's Have I Been Pwned being the most popular.

Given that everyone affected by this data breach has a criminal record, we likely won’t see the same kind of attention that those impacted by a company that suffered a data breach would. Hopefully though, the U.S. government steps in to provide some safeguards for Americans whose personal data and criminal records have been exposed online.

More from Tom's Guide

Contract Length
Showing 2 of 2 deals
Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.