Now while these companies like Dunn and Bradstreet, Altegrity (which owns HireRight and Kroll Background America, Inc.), and LexiNexis, Inc. operate in the light of day, there are services that offer similar information to buyers for purposes that are less than honorable. These malicious sites often sell personal information like Social Security Numbers, Birth dates, Addresses, name etc. all for use in identity theft scams or other malicious purposes. How they gain their data is not completely known. Most feel that it is gathered from drive-by attacks where the payload is personal information.

Now it seems that might be a much better source for personal information than simply relying on drive-bay attacks and the occasional data breach. One of the sources of ill-gotten personal information ssndob setup a bot net in order to attack and pull information from companies like LexiNexis. It seems that they have organized a very coordinated and subtle attack on some primary data brokers in order to fill data requests. The attacks are so subtle that many of the executables that run on the infected systems do not even show up on commonly used malware scanners.

So this means that some of the largest storehouses of legal, personal and credit information are open for business to hackers and other malicious people. It raises concerns about just how secure large data warehouses are and how many more are already breached. This revelation could not have come at a worse time for many of these companies. Not only do many companies have explaining to do over possible reporting to the NSA, but now they cannot even keep our data safe from hackers.

Cloud data concerns aside, there is also the issue of this large scale penetration of so many companies going unnoticed for so long (some as far back as March 2013). How did this occur and how were they able to keep it under wraps for this long is something that many people are going to be working to figure out.

Tell us what you think in our Forum