Researchers have discovered a huge data leak originating from background check firm MC2 Data, which apparently left a 2.2TB database online without a password, freely accessible to anyone on the internet.

The team at Cybernews says the data is said to have included the private information of 106,316,633 US citizens, almost a third of the nation's population. As a background check company, MC2 Data held personally identifiable information on a range of people - including names, addresses, phone numbers, legal records, employment history, and more.

The researchers suggest the leak was likely caused by human error, as it contained the information not just of those who had background checks performed, but also of over two million users who had subscribed to M2C Data services.

Inadequate protections

The event is the second huge data leak from a background check company in the last two months, with an August 2024 report confirming National Public Data suffered a data breach which sparked class actions for putting many at risk of identity theft.

“Background-checking services have always been problematic, as cybercriminals would often be able to purchase their services to gather data on their victims," said Cybernews researcher Aras Nazarovas. “Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively”

Particularly concerning is the threat to the subscribers whose information was exposed, since they are likely to be higher value targets such as employers or law enforcement. With such a huge number of people exposed, the breach underlines the importance of robust security and privacy practices - we've listed the best antivirus software to help keep your information secure.

More from TechRadar Pro