33M Data Files From DoD, USPS, Tech Giants Exposed

A massive data leak, or exposure, was recently made public and contained 33 million records including name, email address, and job title of employees from the Department of Defense, United States Postal Service, and tech giants like AT&T and IBM.

It turned out the exposure came from an inquiry to Troy Hunt, an IT professional with his own blog, who received a 52GB file with more than 33.6 million records. When Hunt went through the file, his blog says, he found non-sensitive information in the form of JSON data from U.S. only companies or organizations meticulously curated into detailed sets.

Diving into the data a bit more, and Hunt sees a unique identifier in the form of “netprospex contact id.” NetProspex came to fame as a B2B professional contact data and data management company. In 2015, NetProspex was acquired by New Jersey’s Dun & Bradstreet, a global business data and analytics firm.

When reached by Enterprise Mobility Exchange, a spokesperson from D&B replied with a statement:

“Based on our analysis, it is our determination that there has been no exposure of sensitive personal information from, and infiltration of, our system. The information in question is data typically found on a business card. As general practice, Dun & Bradstreet uses an agile security process and evaluates and evolves security controls to protect the integrity of our data.”

D&B also believes the exposed data was no longer in its possession, and was made public after leaving its security protocol, stating, “Generally, our legal agreements do require our customers to safeguard and maintain the confidentiality of the data they receive.”

These lists, which are often sold to customers for large chunks of money, are of great value to those who seek it, and this case is no different. The need of security for data at rest and data in motion has never been greater than it is today, whether it’s on infrastructure, mobile devices, legacy systems, apps, and every other piece of information technology.

Security in the mobile space will be the focal point of Enterprise Mobility Exchange: Security West on April 24 and 25 in Phoenix, Arizona. The invite-only strategy meeting will see dozens of IT executives across the c-suite, VPs, directors, and heads of mobility come together for an intense two-day agenda-packed event where they’ll have the opportunity to network with onsite solutions providers.

To find out more about the event, visit the Enterprise Mobility Exchange: Security West website here