Massive Criminal Records Leak Exposes Personal Information of 70 Million Americans

Cyber Attack

A group of cybercriminals has leaked a database containing the criminal records of 70 million Americans, according to cybersecurity company Malwarebytes.

The leaked data includes individuals' full names, dates of birth, known aliases, postal addresses, dates of arrest, dates of conviction, sentences, and more. This breach poses significant risks for anyone with past convictions.

What Happened: Detailed Analysis of the Incident

The hacking groups EquationCorp and USDoD are reportedly behind the breach. The leaked database, containing 70 million entries, includes the full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and other details of individuals who interacted with the U.S. justice system between 2020 and 2024.

We spoke with Pieter Arntz, a security researcher at Malwarebytes, who confirmed that they obtained a small sample of the records. Each entry represents either an arrest or a case rather than a comprehensive record of all crimes committed by an individual, providing snapshots of discrete legal events rather than a complete criminal history.

The exact source of the database is unknown. However, the hacker group USDoD, closely linked to "Pompompurin," the operator of the original data leak site BreachForums, is believed to be involved. According to Malwarebytes, USDoD aims to create a successor to the recently shut-down BreachForums. By releasing this database, USDoD might be attempting to attract new users.

The same hacker is also suspected to be involved in a breach at TransUnion, with some of that data being dumped in September 2023.