Background Check Services Breached: Over 20 Million Users Affected
By: Jim Stickley and Tina Davis
March 28, 2023
Background-checking companies do just that. These background reports are used to approve people for loans, housing, credit scores, and more. Employment agencies also run credit and background checks on some of their employees and they are often used to check the accuracy of what people are telling them regarding their personal information. Federal agencies, social media, court records, state records, and criminal records, can be gathered by these background check agencies.
Unfortunately, these organizations can also be data breach victims, subsequently making those who request the background checks the victims. Recently, two of the largest online background-checking services, TruthFinder and Instant Checkmate (both owned by People Connect) suffered serious data breaches that allowed sensitive data on over 20.2 million people to be leaked out online.
In late January, users of the services were notified that if they used these services before April 16, 2019, going as far back as 2011, their account information may have been leaked to a hacking forum. The accessed information included email addresses, phone numbers, and secure encrypted passwords-both past and present.
In a statement, People Connect said, "We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company."
The stolen information was posted on a thread on the Breached hacking forum to be freely discussed and made available to anyone wanting to use it. At this point, it's unclear whether or not this leak was intentional or simply a breach of security. People Connect is continuing to investigate, but in the meantime, subscribers to these services should most definitely change passwords to their accounts. Use strong passwords with at least eight characters including a mix of upper- and lower-case letters, as well as numbers and special characters. Also, be on the lookout for targeted phishing attacks that reference anything related to background checks.