🔍 Breach Details

  • Nature of the Data Breach: The breach involved the unauthorized extraction and posting of 70 million records from a criminal database. The data includes highly sensitive personal information.
  • Data Fields Exposed:
    • Identifiers: Full name, aliases, SSN, case number, and photo.
    • Demographics: Age, date of birth, sex, race, height, weight, skin tone, eye color, and hair color.
    • Location Data: Birth state, current address (including latitude and longitude), city, state, and ZIP code.
    • Criminal History: Military service, charges filed, offense details, conviction details, sentencing, parole details, probation records, court costs, and fines.
    • Sensitive Dates: Dates of arrest, conviction, sentencing, parole, release, and admission.
  • Distribution: The data was made available for download on a dark web forum, with a link provided to a compressed archive containing the records. Users were advised to rename the file from .zip to .zip before extraction.
  • Threat Actor: The leak was credited to an individual or group known as SXUL, referred to as "The legend <3."

🎭 Threat Actor Profile

  • Username: USD0D
  • Reputation: 881 points on the forum.
  • Posts: 113
  • Threads: 33
  • Joined: July 2023

USD0D is an active member of a dark web forum associated with data breaches. The individual or group self-banned from the forum shortly after posting the breach, which could indicate an attempt to avoid detection or reduce exposure.

⚠️ Impact Analysis

  • Scale: Massive, with 70 million records exposed, potentially affecting a significant portion of the U.S. population.
  • Risk to Individuals:
    • Identity theft due to exposure of personal identifiers.
    • Increased risk of targeted scams and phishing attacks.
    • Potential for misuse of criminal records in employment, housing, and other critical decisions.
  • Risk to Organizations:
    • Legal Consequences: Potential lawsuits from affected individuals.
    • Reputational Damage: Loss of trust from the public and partners.
    • Regulatory Fines: Possible fines from authorities for inadequate data protection measures.
Share this article
The link has been copied!