Data breaches are almost always tied to a site, service, or subscription, which gives you some control over your fate: You can change your password, monitor any suspicious activity, or delete your account. But a new reported breach has seemingly exposed the personal information of some 80 million U.S. households—and no one seems to know who’s to blame.
There’s a lot we don’t know yet, but there’s enough evidence to suggest that the breach is incredibly widespread. It was unearthed by security researchers Ran Locar and Noam Rotem of vpnMentor, who only know that the unencrypted data is hosted by a Microsoft cloud server and appears to be limited to people over the age of 40. In dissecting the data, the researchers found that it “seems to itemize households rather than individuals,” and includes:
- Full addresses, including street addresses, cities, counties, states, and zip codes
- Exact longitude and latitude
- Full names, including first, last, and middle initial
- Date of birth
Additionally, the researches discovered coded references to title, gender, marital status, income, homeowner status, and dwelling type. That might not seem as dangerous as a social security or credit card number leak, but vpnMentor explains that the data here “is a goldmine for identity thieves and other attackers.” In the article, the researchers warn that hackers could use thie information here in phishing and ransomware scams, as well as less-technical scams that track your social media to find out if you’re home.
Based on the type and wealth of information, the company suspects that database is owned by an insurance, healthcare, or mortgage company. It is asking the public for help in identifying the holder of the data by emailing firstname.lastname@example.org.