Full data enrichment profiles for more than 200 million people have been placed up for sale on the Darknet. The person offering the files claims the data is from Experian, and is looking to get $600 for everything.
Details of this incident came to Salted Hash via the secure drop at Peerlyst, where someone uploaded details surrounding the sale and the data. The data was first vetted by the technical review board at Peerlyst, who confirmed its legitimacy. Once it was cleared by the technical team, a sample of the data was passed over to Salted Hash for additional verification and disclosure.
Calls to individuals in the sample data went to voicemail and were not returned. Should any of them confirm their information, we’ll update this story.
Salted Hash also reached out to Experian and one other firm, Acxiom, as sources have speculated the information that’s up for sale aligns with enrichment data made available by these companies.
Acxiom did not respond to questions. However, sources at Experian said that they were made aware of this data breach last week, and investigations determined that it wasn’t their data.
Instead, investigators believe the data on offer is a collection of records that’s being labeled as Experian’s in order to leverage the company’s name.
“We’ve seen this unfounded allegation and similar rumors before. We investigated it again – and see no signs that we’ve been compromised based on our research and the type of data involved. Based on our investigations and the lack of credible evidence, this is an unsubstantiated claim intended to inflate the value of the data that they are trying to sell – a common practice by hackers selling illegal data,” Experian said in an emailed statement.
So while Experian investigators state the data isn’t theirs, the fact that the data exists is still a problem.
The seller is taking things seriously too, limiting access to the data by refusing to deal with potential buyers who have newer accounts or those with only a few hundred dollars in previous transactions.
There are 203,419,083 people listed in 6GB worth of records. The profiles include PII such as a person’s name, full address, date of birth, and phone number, but because it’s enrichment data, the records also include more than 80 personal attributes.
Among the additional attributes, profiles include a person’s credit rating (listed A-H); the number of active credit lines; whether the person is a credit card user; if they own or rent their home; the type of home the person lives in; marital status; the number of children a person has; how many children are in the home; occupational details; education; net worth; and total household income.
In addition, some records indicate a person’s political donations, including fields denoting conservative donations, liberal donations, or general political causes.
Other fields list personal donations (i.e. veteran’s charities, local community charities, healthcare charities, international charities, animal charities, arts or culture charities, children’s charities); and financial investments (foreign and domestic, including personal investments, stocks and bonds, or real estate).