Hacker using laptop against multiple monitors at desk in office. (Courtesy: Shutterstock)
(Eric Lieberman, The Daily Caller News Foundation) – More than 33 million records from various corporations and government agencies were leaked recently after researchers discovered the information was quietly made available to the public.
Organizations with the most files exposed are the Department of Defense, with 101,013 employee records, and the U.S. Postal Service with 88,153, according to ZDNet. The U.S. Army, Air Force, and the Department of Veterans Affairs reportedly had a combined 76,379 records exposed. Businesses affected by the breach include AT&T, Dell, Xerox, IBM, FedEx, and Boeing.
Unique email addresses and other personal contact information were leaked, but it is not exactly yet known how the data was revealed or who is the culprit, reports ZDNet.
The large database was owned by Dun & Bradsheet, a business services conglomerate. It sells the information to advertisers who want to directly target specific industries and people. Marketers will pay substantial amounts of money for an organization’s data, specifically the names of employees, phone numbers, job titles, duties, and work email addresses.
“We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day,” Dun & Brawshaw said in an official statement, reports ZDNet. “Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system.”
While the company is reportedly taking the issue seriously, it is also arguing that the severity of the incident is not as exceptional as it may first appear because the data contains “generally publicly available business contact data, used for sales and marketing purposes.”
But Troy Hunt, who runs a breach notification site, says that gaining such information can be very valuable for phishing scams.
Phishing is the attempt to acquire sensitive data (like credit card numbers, usernames, passwords, social security numbers) for nefarious reasons by tricking unsuspecting users to click on infected links.
“The value for very targeted spear phishing is enormous because you can carefully craft messages that refer to specific individuals of influence and their roles within the organization,” Hunt wrote on a blog post. “For example, sending a message on behalf of the ‘Vice President, Senior Private Banker’ (her name is easily discoverable) to an accountant in the firm requesting an urgent transfer.”
Hunt states that while much of the information can be found with a moderate amount of browsing, “having so much of it in one place enables the automation of attacks across a broad range of organizations (emphasis his).”
As for workers who want to make sure their data is no longer exposed on the internet, Hunt says there is “next to zero” of a chance.
Content originally published at The Daily Caller.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.
