Database with personal info on 33M apparently breached

Database with personal info on 33M apparently breached
© Getty Images

A database of information on 33 million people was leaked to a researcher, apparently breached from a large business services company. 

Troy Hunt, who runs the website Have I Been Pwned, which lets users check if their data has been pilfered, reported receiving the database in a blog post. Hunt did initial analysis of the data. 

The file is 52 gigabytes, containing names, employment information including salary, and contact information including phone numbers, emails and physical addresses.

According to Hunt’s analysis, more than 100,000 of those records came from Department of Defense personnel. Another 90,000 came from the United States Post Office, and tens of thousands each from IBM, Wal-Mart, Ohio State University, AT&T and more. 

Big data firm Dun and Bradstreet confirmed to ZDNet it owns the database, having acquired it in a 2015 purchase of the company NetProspex.

ZDNet reported that Dun and Bradstreet conducted an internal investigation and determined the data was about six months old and had not been breached from internal systems. It does not know which of its clients lost control of the data set. 

Hunt ended his blog post on a “lighter note.” 

“There are 3 records for individuals with a first name of ‘Donald’, a last name of ‘Trump’ and a job title of ‘President’. They occupy genuine roles within legitimate businesses and just happen to share these three data points with the 45th bloke at the top. Their industries are ‘Airlines, Airports & Air Services’, ‘Insurance’ and ... ‘Hair Salons.’ ”