Bad news for Americans looking to leave their illegal pasts behind, as investigators have flagged the leak of sensitive information on millions of convicted criminals.
Malwarebytes has published a blog post detailing how a group of cybercriminals leaked a database containing criminal records of millions of Americans, believed to contain 70 million rows of data.
Considering how Malwarebytes worded the announcement, we can assume that its researchers did not have direct access to this database. Still, it was said to contain people's full names, dates of birth, known aliases, mailing addresses, arrest dates, conviction dates, sentences and more.
Building a new leak site
The database is fairly recent and contains data generated between 2020 and 2024. Each row represents a single serious crime, not a record of all crimes a person may have committed.
The data was leaked by two well-known cybercriminals: EquationCorp and USDoD.
The latter, according to investigators, is a “high-profile player” in the field of data breaches, allegedly closely associated with Connor Fitzpatrick, also known as Pompompurin.
For those who haven't been paying attention, Pompompurin was the owner and primary administrator of BreachForums, the world's most popular underground forum for sharing stolen and leaked data, malware, and other warez. The forum was recently dismantled and Fitzpatrick arrested.
Malwarebytes claims that the USDoD is planning to create a new breach forum similar to BreachForums, and that posting this data could be a public relations stunt to draw attention and generate interest in the new site.
At this time, it is unknown who the hackers stole this data from, when, or how.
In any case, our American readers with criminal records should pay attention to the emails they receive, especially if they mention criminal convictions, include attachments and links, or demand urgent action. Hackers are likely to exploit the database in phishing and social engineering attacks.