Jeremiah Fowler reports finding another exposed database with a lot of personal information. This one may belong to SL Data Services, LLC, though Fowler notes that the folders inside it were named with separate website domains. “It appears that the company operates a network of an estimated 16 different websites, offering a range of information services,” WebsitePlanet reports.
The publicly exposed database was not password-protected or encrypted. It contained 644,869 PDF files (713.1 GB in total), including court records, vehicle records (license plate and VIN) and property ownership reports. However, around 95% of the limited sample of documents I saw were labeled as “background checks”. These documents contained full names (first, last, and middle), home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history. In a sample of individuals with unique names, I found individuals with the same name matching the home address listed in the background check documents. This information provides a full profile of these individuals and raises potentially concerning privacy considerations.
Read more at WebsitePlanet, paying particular attention to this statement by Fowler:
It is not known how long the database was exposed or if anyone else gained access to it. Only an internal forensic audit could identify additional access or potentially suspicious activity. I did not receive a response from SL Data Services / Propertyrec after my disclosure notice or at any time before publication. It is not known if the database was owned and managed by SL Data Services / Propertyrec or a third-party contractor.
Will the database owner or responsible party be issuing any notifications to regulators or individuals? DataBreaches does not know, but is posting this incident on this site as a way of keeping track of it in case some of the data shows up for sale at some point on a forum frequented by hackers.