A new reported breach has seemingly exposed the personal information of some 80 million U.S. households—and no one seems to know who’s to blame.
There’s a lot we don’t know yet, but there’s enough evidence to suggest that the breach is incredibly widespread. It was unearthed by security researchers Ran Locar and Noam Rotem of vpnMentor, who only know that the unencrypted data is hosted by a Microsoft cloud server and appears to be limited to people over the age of 40. In dissecting the data, the researchers found that it “seems to itemize households rather than individuals,” and includes:
- Full addresses, including street addresses, cities, counties, states, and zip codes
- Exact longitude and latitude
- Full names, including first, last, and middle initial
- Date of birth
Additionally, the researches discovered coded references to title, gender, marital status, income, homeowner status, and dwelling type. That might not seem as dangerous as a social security or credit card number leak, but vpnMentor explains that the data here “is a goldmine for identity thieves and other attackers.”
In the article, the researchers warn that hackers could use this information here in phishing and ransomware scams, as well as less-technical scams that track your social media to find out if you’re home. “The thief not only knows where you live, they also now know that you’re far away from home so the house is probably empty. They can also see your income, so can approximate the value of your home contents. You just became a prime target for attack,” the report states.
Based on the type and wealth of information, the company suspects that database is owned by an insurance, healthcare, or mortgage company.