The PeopleConnect, Inc. data breach affected its background check services, specifically Instant Checkmate and Truthfinder. The breach involved the sensitive information of subscribers.
PeopleConnect disclosed the breach in February. The breach exposed a list containing the following information:
- Names
- Email addresses
- Telephone numbers (in some instances)
- Securely encrypted passwords
- Expired and inactive password reset tokens
The breach occurred due to vulnerabilities in the company’s security measures. Specifically, there were weaknesses related to password protection and data storage.
Hackers gained access to the data by exploiting vulnerabilities in the company’s security infrastructure. The breach allowed them to access sensitive subscriber information.
The breach was discovered when the compromised data, including subscriber details, appeared in an online forum. PeopleConnect became aware of the situation and promptly investigated further.
Approximately 20.2 million individuals were impacted by this breach. Their personal information was exposed, potentially leading to identity theft, phishing attacks, and other security risks.
In response to the breach, PeopleConnect took several actions:
- They notified affected subscribers promptly.
- They clarified that the password field was not in readable form; passwords were hashed and encrypted using the ‘scrypt’ algorithm.
- The company investigated the incident and worked to secure its systems.
To prevent similar breaches in the future, PeopleConnect should:
- Strengthen password protection mechanisms.
- Regularly audit and monitor access to sensitive data.
- Review and improve cloud storage security practices.
This breach highlights the importance of robust security practices, timely detection, and transparent communication with affected users. Companies must prioritize data protection to safeguard user privacy and trust.