Defense Department, U.S. Postal Service Employee Records Exposed in Marketing Database Leak
Misplaced data; Spear-phishing
A marketing database of millions of U.S. corporate employees includes the records of Defense Department, U.S. Postal Service and other federal government and military personnel.
Business services company Dun & Bradstreet confirmed to ZDNet it owned the database, which it said it sold to “thousands” of other firms for marketing purposes, but the exposure wasn’t from its systems.
The 52.2GB file included 33.7 million email addresses, as will as some names, job titles, phone numbers and other contact information for people at U.S.-based corporations. It also included data about the companies, like number of employees and location.
The personally identifiable information for more than 100,000 DOD employees and more than 88,000 U.S. Postal Service employees, as well as U.S. Army, Air Force and Veterans Affairs Department personnel, were included.
“When you look at that list and ask ‘How would the US military feel about this data - complete with PII and job title - being circulated,’ you can't help but feel it poses some serious risks,” wrote Troy Hunt, a researcher behind the Have I Been Pwned breach database, who analyzed the data.
Such detailed information about companies can help bad actors create very targeted spear-phishing campaigns.
Defense Industrial Base; Government (U.S.)
March 15, 2017
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected