This hack shows how important opting out of sharing your data is

News
By published

In the 4 TB database stolen, only those who opted out of sharing their data were not included

A digital concept image of an online database
(Image credit: Getty Images)

A massive data breach of the "biggest database ever" that allegedly includes 4 TB worth of data has demonstrated how important opting out of sharing your data is.

The hacker allegedly responsible for the breach (who goes by "USDoD") originally posted the leak to notorious dark web data breach site, BreachForums, on April 8, 2024. In their post, USDoD said: "Hello Breachforums [sic] Im [sic] proud to say that I got access to the biggest database ever. This is the entire population of US, UK and CA".

The post went on to explain that the database was from National Public Data, a background check and individual lookup site that offers API lookups to businesses. USDoD claimed that the database contained 2.9 billion rows, had data from 2019-2024, and was 200 GB compressed or 4 TB uncompressed. USDoD has offered the sale of the database for $3.5 million and said they would provide "credentials" for the database's server to the buyer.

Now, vxunderground, the self-described "largest collection of malware source code, samples, and papers on the internet" has investigated the leak.

In a post on X (formerly Twitter) on June 2, vxunderground explained that they had discovered USDoD intended to leak the data and had requested a copy of the database to confirm the legitimacy of the hacker's claims.

Vxunderground noted that the files sent to them for verification was 277.1GB uncompressed and contained "real and accurate" data, confirmed via vxunderground looking up data from consenting individuals.

The data present for those in the US contained full names, addresses, address history going back more than three decades in some cases, and social security numbers. Through the database, vxunderground were also able to find the family members of those they looked up, including parents, siblings, aunts, uncles and cousins, even if these relatives were deceased. It was through looking up these consenting individuals that vxunderground was able to discover that the database contained information on those who were deceased, with some included having been dead for almost 20 years.

One of the main takeaways from this data breach is the fact that any person who used any kind of data opt-out services was not present on the database. Anyone who did not use data opt-out services was "immediately found" by vxunderground.

This clearly shows how important opting out of sharing your data is. If you're concerned about what data of yours is available, you can use data removal services

A great example of this is from one of the best VPN providers, Surfshark. With Surfshark's Incogni service (and other data removal services), you can delete your data from online databases, leaving you safe in the knowledge that your personal information is not available for anyone to see.

Olivia Powell
Olivia Powell
Tech Software Commissioning Editor

Olivia joined Tom's Guide in October 2023 as part of the core Tech Software team, and is currently VPN Commissioning Editor. She regularly uses VPNs to make sure they deliver what they promise, and specializes in testing VPNs with streaming sites.