Billions of records detailing people’s personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks’ private info.

A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It’s believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it onto USDoD, which is acting as a broker.

The pilfered information is said to include individuals’ full names, addresses, and address history going back at least three decades, social security numbers, and people’s parents, siblings, and relatives, some of whom have been dead for nearly 20 years. According to USDoD, this info was not scraped from public sources, though there may be duplicate entries for people in the database.

Fast forward to this month, and the infosec watchers at VX-Underground say they’ve not only been able to view the database and verify that at least some of its contents are real and accurate, but that USDoD plans to leak the trove. Judging by VX-Underground’s assessment, the 277.1GB file contains nearly three billion records on people who’ve at least lived in the United States – so US citizens as well as, say, Canadians and Brits.

This info was allegedly stolen or otherwise obtained from National Public Data, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. The biz did not respond to The Register‘s inquiries.

There is a small silver lining, according to the VX team: “The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.” So, we guess this is a good lesson in opting out.

USDoD is the same crew that previously peddled a 3GB-plus database from TransUnion containing financial information on 58,505 people.

And last September, the same criminals touted personal information belonging to 3,200 Airbus vendors after the aerospace giant fell victim to an intrusion

Source: Crooks threaten to leak 2.9B records of personal info • The Register

Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company’s website and claimed to steal the Fanzone member information of 500,000 customers.

Cooler Master is a hardware manufacturer based in Taiwan that is known for its computer cases, cooling devices, gaming chairs, and other computer peripherals.

Yesterday, a threat actor by the alias ‘Ghostr’ contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.

“This data breach included cooler master corporate, vendor, sales, warranty, inventory and hr data as well as over 500,000 of their fanzone members personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information containing name, credit card number, expiry and 3 digits cc code,” the threat actor told BleepingComputer.

Cooler Master’s Fanzone site is used to register a product’s warranty, submit return merchandise authorization (RMA) requests, contact support, and register for news updates.

In a conversation with BleepingComputer, Ghostr told BleepingComputer that the data was stolen by breaching one of the company’s front-facing websites, allowing them to download numerous databases, including the one containing Fanzone information.

The threat actor said they attempted to contact the company for payment not to leak or sell the data, but Cooler Master did not respond.

However, they did share a link to a small sample of allegedly stolen data in the form of comma-separated values files (CSV) that appear to have been exported from Cooler Master’s Fanzone site.

These CSV files contain a wide variety of data, including product, vendor, customer, and employee information.

One of the files contains approximately 1,000 records of what appear to be recent customer support tickets and RMA requests, which include customers’ names, email addresses, date of birth, physical addresses, phone numbers, and IP addresses.

BleepingComputer has confirmed with numerous Cooler Master customers in this file that the listed data is correct and that they opened an RMA or support ticket on the date specified in the leaked sample.

[…]

Source: Cooler Master hit by data breach exposing customer information