March 15, 2017
ZD Net reports that a large database, owned by Dun & Bradstreet, containing more than 33 million records from government departments and large corporate clients has been leaked. ZD Net says “Millions of records from a commercial corporate database, owned by Dun & Bradstreet, have been leaked. The database, about 52GB in size, contains just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the US corporate population. Dun & Bradstreet, a business services giant, confirmed that it owns the database, which it acquired as part of a 2015 deal to buy NetProspex for $125 million.”
ZD Net further reports that Troy Hunt, who runs breach notification site Have I Been Pwned, obtained the database and analyzed the records.
In a blog post Tuesday, Hunt said the breakdown was entirely US-focused. California was the most represented demographic, with over four million records, followed by New York with 2.7 million records and Texas with 2.6 million records.
Hunt’s analysis of the records showed that the leading organization by records is the Department of Defense, with 101,013 employee records, followed closely by the US Postal Service with 88,153 employee records.
The US Army, Air Force, and Department of Veterans Affairs are all listed with a combined 76,379 records.
AT&T, Boeing, Dell, FedEx, IBM, and Xerox were among the most named companies in the database, with tens of thousands of employee records each.
A spokesperson for Dun & Bradshaw would not talk on the record beyond an emailed statement, sent prior to publication.
“We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system,” the statement read.
The spokesperson said an internal investigation showed that while the data belongs to the company, its own systems were not breached or exposed. The company added that the data was approximately six months old and the bulk data had been sold to “thousands” of other firms.
Dun & Bradstreet downplayed the risk to its customers and those it collects data on. The company said that the data contains “generally publicly available business contact data, used for sales and marketing purposes.” Read the entire article at ZD Net.
PLEASE NOTE: We cannot answer questions regarding this leaked information. PEN