Skip to main content
close search
site logo
Dive Brief

33.7M records leaked from US commercial database

Published March 16, 2017
By
Contributing Editor

Dive Brief:

  • Approximately 33.7 million records from a commercial corporate database have been leaked, according to Troy Hunt, who runs breach notification site Have I Been Pwned and serves as a Microsoft regional director in Australia.
  • U.S. business services company Dun & Bradstreet confirmed it owned the leaked database, which it acquired when it bought NetProspex in 2015, ZDNet reports. Hunt obtained the database and analyzed the records, which include email addresses, job titles and functions, work email addresses and numbers and other contact details from employees of thousands of companies. 
  • Of the 52GB of information held in the database, California was the most represented demographic, with more than four million records, followed by New York with 2.7 million records and Texas with 2.6 million records. Many of the records came from federal government agencies, including the Department of Defense, the U.S. Postal Service, the U.S. Army, Air Force, and the Department of Veterans Affairs. Thousands of records also came from private sector businesses, including companies like AT&T, Boeing, Dell, FedEx, IBM and Xerox.

Dive Insight:

NetProspex data can be bought by companies and used by marketers to conduct email campaigns or other marketing activities. So although D&B confirmed it owns the database, figuring out who actually leaked the data may be impossible because it’s been distributed to lots of customers over the years.

In a statement to ZDNet, a spokesperson for Dun & Bradshaw downplayed the incident, writing in an emailed statement that the data was not exposed through one of their systems, and that the type of data leaked is the same type they "deliver to customers every day."

But having all the data aggregated in one place is what makes it oh so valuable to cybercriminals.

"All this personal identifiable information in one place makes it easy for those with malicious intent to develop targeted whale phishing campaigns and W-2 BEC scams," said Brian Vecci, technical evangelist at Varonis. "It's clear organizations need to understand where their information assets are, who is using them, and who is responsible for them so they can detect malicious activity before it becomes a massive loss."

At this point, data is so prolific, it’s questionable whether people can even attempt to control it anymore. Still, companies that collect such data need to go to great lengths to protect, or risk a PR nightmare like the one D&B is facing right now.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell