It wasn’t until earlier this month that a user named “Fenice” leaked 2.7 billion unencrypted records on the dark web site known as “Breached,” in the form of two csv files totalling 277GB. These did not contain phone numbers and email addresses, and Fenice said that the data originated from SXUL. As individuals will each have multiple records associated with them, one for each of their previous home addresses, the breach does not expose information about 2.7 billion different people.
Must-read security coverage What security experts are saying about the breach Why are the National Public Data records so valuable to cyber criminals?
“Paul Bischoff, consumer privacy advocate at tech research firm Comparitech, told TechRepublic in an email,”Background check companies like National Public Data are essentially data brokers who collect as much identifiable information as possible about everyone they can, then sell it to whomever will pay for it.
It collects much of the data without the knowledge or consent of data subjects, most of whom have no idea what National Public Data is or does.
“We need stronger regulations and more transparency for data brokers that require them to inform data subjects when their info is added to a database, limit web scraping, and allow data subjects to see, modify, and delete data.”
“National Public Data and other data brokers should be required to show data subjects where their info originally came from so that people can take proactive steps to secure their privacy at the source. Furthermore, there is no reason the compromised data should not have been encrypted.”