A massive data breach has exposed the sensitive personal information of over 600,000 individuals. The breach originated from SL Data Services, a data broker operating under the name Propertyrec, which markets itself as a provider of real estate information reports but also offers criminal checks and DMV records. A researcher discovered 644,869 unencrypted PDF files (713.1 GB) stored in a publicly accessible Amazon S3 bucket, containing background checks with full names, addresses, phone numbers, email addresses, employment history, family details, social media accounts, and criminal records, along with vehicle and property records. The lack of password protection and encryption made the data easily accessible to anyone.
The exposed data presents a significant risk of identity theft, fraud, and social engineering attacks. The easily searchable file names, formatted as "First_Middle_Last_State.PDF," further exacerbated the risk. While the researcher contacted SL Data Services' support team, they received no response or explanation regarding the incident, highlighting a serious lack of accountability and data security practices. The researcher ultimately had to take several steps to remove the exposed data from public view.
This data breach underscores the critical need for robust data security measures within the data broker industry. The ease with which this sensitive information was accessed highlights the vulnerability inherent in insufficiently protected databases. The lack of response from SL Data Services raises serious concerns about their commitment to data protection. This incident serves as a stark reminder of the potential consequences of inadequate security measures and the critical need for greater transparency and accountability from data brokers.