Personal records of more than 600,000 individuals were potentially exposed following a data breach tied to data brokerage firm SL Data Services, a company operating several websites offering property research data.
The data breach, identified and reported by cybersecurity researcher Jeremiah Fowler, compromised a variety of sensitive personal information such as full names, family information, home addresses, phone numbers, email addresses, social media accounts, and vehicle registration records. It also included the individuals’ court records, criminal history, employment details, and private contact information.
In his report on Website Planet, Fowler said that he immediately informed SL Data Services about the leak, but did not get any response from the company. He underscored that in the course of one week, exposed records have already increased from 513,876 to 664,934.
Possible Causes are Unclear
It remains unclear whether the breach occurred due to SL Data Services’ own management or whether a third-party contractor may have been responsible for the security lapse.
“It seems the company offers more than just property records. In a phone call to customer support, I was told they also provide background check information, such as criminal checks, division of motor vehicles (DMV) records, death and birth records,” Fowler said. “Numerous customer reviews suggest that while the company claims users can get individual documents for as low as $1 per search, instead of a one-time payment, users are unknowingly enrolled in a subscription service, and charged a recurring monthly fee,” he noted.
Potential Risks Posed by the Breach
The extent of the breach’s impact remains under investigation, with Fowler suggesting that only an internal forensic audit could confirm whether unauthorized access occurred or if any further malicious activity took place.
Fowler said the data breach could pose the risk of an impersonation, or where a criminal uses the identity of an individual whose personal information was exposed in a background check document.
“I am not stating nor implying that Propertyrec’s customers or any individuals are at risk of impersonation, spear phishing, or social engineering attacks. I am only providing a real world risk scenario of how this type of information could possibly be exploited by criminals,” Fowler said.
“I would recommend that organizations use unique identifiers that are random and hashed instead of using customer names or PII as the filenames,” he said. “Additionally, companies who collect and store potentially sensitive data should monitor access logs. This can help identify any unusual patterns, such as instances of mass viewing or downloading of files from the organization’s cloud storage database or internal network.”
Why Trust
The Justice Collaborative
We are a team of media and legal professionals dedicated to advocating for fairness, protecting legal rights and pursuing justice for individuals and communities. We employ strict measures to ensure the accuracy of our information, any content found to be false, misleading, or distorted is promptly addressed.
Get Legal Help Now
Check if a top attorney can seek compensation for you.