The database exposed, has more than 33 million records along with unique e-mail addresses and information related to the thousands of company employees which includes a large fraction of US corporate population.
The business services giant Dun and Bradstreet assured that they own the database which they gained as a part of 2015 deal to buy NetProspex for $125 million.
The data includes dozens of information that is private as well as corporate data. It is used for marketers who directly target their own e-mail campaigns and through other interactions methods for current and future customers.
bluehost® helps big brands scale WordPress.
BlueHost: Get Professional Website Hosting For 3.95/MonthTry BlueHost Now
A breach notification site ‘’ Have I been pwned’’ runner Troy Hunt analyzed these records and said, ‘’ The breakdown was entirely US-focused, with California as the most represented demographic with over four million records, then New York with 2.7 million records and Texas with 2.6 million records.’’
Hunt’s analysis revealed that the department of defense is the leading group with 101,013 employee records, followed by US postal service with 88,153 employee records along with US Army, Air Force and department of veteran affairs with combined 76,379 records. Also, AT&T, Boeing, Dell, FedEx, IBM and Xerox were among the top named companies in database with thousands of employee records.
Hunt also in his e-mail said, “It also serves as a reminder that we’ve lost control of our privacy; the vast majority of people in the data set would have no idea their information is being sold in this fashion and they certainly don’t have any control over it.”
Prior to the publication Dun and Bradshaw in an e-mail statement said that “We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system.”
Dun and Bradstreet while clearing the situation said that the company contains data that is generally public available business contact used for marketing and sales purposes.
While Hunt in opposing said that the data would make it easy for cyber-criminals to use the information and trick the employee’s by using their financial information.
This type of activity is not clear that whether it falls within the privacy data protection or not, though the executive said that the database was ‘’completely complaint’’ with US privacy laws.