A cybercriminal going by the names of EquationCorp and USDoD has released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data.
The leaked database is said to include full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and much more. Dates reportedly range from 2020 to 2024.
The exact source of the database is as yet unknown.
USDoD is a high-profile player in this field, closely associated with “Pompompurin”, the operator of the first iteration of data leak site BreachForums. USDoD is said to have plans to set up a successor to the second iteration of BreachForums which was recently seized by law enforcement. Releasing this database may be USDoD’s way to round up some interested users.
USDoD is also believed to be involved in a breach at TransUnion, the data of which was (partly) dumped in September, 2023.
Needless to say, having the criminal information leaked could have a tremendous impact, not only for the listed individuals but also for the justice system. We’ll keep you updated.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
- Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your digital footprint
If you want to find out how much of your own data has been exposed online, including your criminal record data, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll give you a free report, along with tips on what to do next.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.