Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home/teroit/public_html/templates/risen_hope/vertex/responsive/responsive_mobile_menu.php on line 158

Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /home/teroit/public_html/templates/risen_hope/vertex/s5flex_menu/helpers.php on line 151
  • Register

Texas Professional IT Services LLC Blog

Texas Professional IT Services LLC has been serving the Baytown area since 1995, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: Vast Marketing Database Leaked. 33.7 Million Records Made Public

Alert: Vast Marketing Database Leaked. 33.7 Million Records Made Public

A sizable cache of personal information has been made public, with 33.7 million records being exposed. While not technically dangerous in its own right, this data could potentially be used to enable those with less-than-noble intentions.

The 53 GB leaked database, contained email addresses, corporate data, and other professional details. Very professionally organized and strictly targeted to the United States, the database was clearly designed for marketing purposes. Somewhere along the line, however, the database found its way outside the creator’s control and is now available to many more than they ever intended.

The list was originally a customer profile database, available from business service firm Dun & Bradstreet for a fee. While such a list would be relatively harmless in the hands of legitimate marketing firms, the public should be concerned that malicious hackers can now access this information.

Troy Hunt, who manages Have I Been Pwned, a site that alerts users if their data may have been jeopardized in a breach or leak, gave his own analysis. According to Hunt, the most common organizations to appear in the records are the following, in order, along with the number of records associated with each:

  • United States Department Of Defense: 101,013
  • United States Postal Service: 88,153
  • AT&T Inc.: 67382
  • Wal-Mart Stores, Inc.: 55,421
  • CVS Health Corporation: 40,739
  • The Ohio State University: 38,705
  • Citigroup Inc.: 35,292
  • Wells Fargo Bank, National Association: 34,928
  • Kaiser Foundation Hospitals: 34,805
  • International Business Machines Corporation: 33,412

Putting aside the risks to national security the public availability of this list presents, consider the impact it could have on any of the companies listed on it. It more or less reads as a phishing scam targeting guide. With the names, titles, and contact info for high-ranking targets laid out, a phishing campaign would be simple to put together, enabling the perpetrator to wreak havoc on their targets from a very convincing vantage point--one that’s more or less theirs to choose.

And of course, we have to return to the fact that there is military and government data on this list as well. Just as with the rest of this list, these names are accompanied by their job title. According to Hunt, while “Soldier” was the most common entry in the DoD’s share of the record, there were more specific titles, such as “Chemical Engineer” and “Intelligence Analyst.”

The security expert posed a very apt question about these records, "How would the U.S. military feel about this data - complete with PII and job title - being circulated?" and mentioned the very real concerns this data brings up. Hunt explicitly mentioned the prevalence of state-sponsored hacking attacks and pointed out how valuable this list could potentially be to an unsympathetic foreign power.

The most important takeaway from this event was also summed up by Hunt. According to the security expert, there’s “zero” chance of the data being reclaimed.

As far as Dun & Bradstreet is concerned, the company does not seem worried. An emailed statement from a company spokesman outlined that, in no uncertain terms, the business services provider is in no way, shape, or form at fault for this breach.

Their argument cited that Dun & Bradstreet had not found any evidence of a breach within its own systems. Pairing that with the fact that the data matched up perfectly to what they had sold in bulk to, according to them, thousands of other companies. Dun & Bradstreet also pointed out that the data appeared to be six months old.

In their statement, Dun & Bradstreet worked to minimize the perception of the threat this data could cause, stating the list was made up of “generally publicly available business contact data.”

This, however, does nothing to make the leak of this information less of a potential danger.

If you’re concerned about any potential vulnerabilities you may be subject to, there are two steps you should take right now. It may not be a bad idea to check out Have I Been Pwned, to see if your data has ended up where it shouldn’t. To proactively protect your business against these threats, give us a call here at Texas Professional IT Services LLC. We’ll help your business secure its data against other leaks like this one. Call us at (832) 514-6260.

Tip of the Week: Online Tool Explains Complex Tech...
Get a Handle on the Cloud and Improve Your Busines...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, December 22, 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Latest News & Events

Texas Professional IT Services LLC is proud to announce the launch of our new website at http://www.texproit.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Texas Professional IT Services LLC can do for your business.

Call Us Today
Call us today
(832) 514-6260

1209 Decker Dr.
STE 202

Baytown, Texas 77520