Over 600,000 people hit in massive data breach — background checks, vehicle and property records

A hand typing at a computer in a dark room, lit up by the laptop's keyboard LEDs and red LED light
(Image credit: Getty Images)

Another background check company suffered a data breach; this time, more than 600,000 people were affected. It's a minor breach compared with the 2.9 billion people hit by the National Public Data hack, but it's still scary.

The company in question, SL Data Services, was discovered online. It was publicly exposed and not password-protected or encrypted.

Cybersecurity researcher Jeremiah Fowler discovered the breach (or lack of protection on the files). The breach contained vehicle records, court records, property ownership reports, full names, addresses, email addresses, employment details, social media accounts, phone numbers, and criminal records.

Everything was contained in PDF files, most of which were labeled "background check." There was a total of 713.1GB of files in the database.

Reader Offer: Save 75% on Aura identity theft protection

Reader Offer: Save 75% on Aura identity theft protection
Aura provides everything you need to protect your identity, data and devices online with malware protection, a password manager and a VPN all included. Tom's Guide readers can save up to 75% when they sign up.

Preferred partner (What does this mean?)

Thankfully, the information isn't publicly available anymore, but it took a while before it was properly locked down. After the responsible disclosure notice was sent, it took a week before SL Data Services made it unavailable. A whole week is a long time to have 600,000 people have their information sitting in publicly accessible files.

Unfortunately, those with data in the breach might not even know their information was included. Since background checks are usually performed by someone else and the person being checked rarely knows which background check company was used, this could be even messier.

While Social Security numbers and payment information aren't included in the breach, with so much data being publicly available about the people affected, scammers can use that information to trick unsuspecting victims with social engineering attacks.

Thankfully, there's no indication that malicious actors accessed the open database or collected sensitive information, but there's no proof that they didn't. Only time will tell — if we start seeing a rise in sudden social engineering attacks, we know something happened.

More from Tom's Guide

Category
Arrow
Arrow
Back to MacBook Air
Brand
Arrow
RAM
Arrow
Storage Size
Arrow
Screen Size
Arrow
Colour
Arrow
Storage Type
Arrow
Condition
Arrow
Price
Arrow
Any Price
Dave LeClair
Senior News Editor

Dave LeClair is the Senior News Editor for Tom's Guide, keeping his finger on the pulse of all things technology. He loves taking the complicated happenings in the tech world and explaining why they matter. Whether Apple is announcing the next big thing in the mobile space or a small startup advancing generative AI, Dave will apply his experience to help you figure out what's happening and why it's relevant to your life.