A database containing more than 33 million records of corporate and government employees has been leaked online from a huge commercial corporate database which includes information like names, job titles and functions, work email addresses and phone numbers of employees from the Department of Defense, US Postal Service, Wal-Mart, telecoms giant AT&T and Ohio State University.
Data of 100,000 defence employees is reported to be leaked. Over 88,000 employees with the US Postal Service, more than 6,000 with AT&T, over 55,000 with Wal-Mart, more than 40,000 with CVS, over 38,000 with the Ohio State University, over 35,000 with Citigroup, more than 34,000 with Wells Fargo Bank, over 34,000 with Kaiser Foundation Hospitals and over 33,000 with IBM have been affected.
Troy Hunt, who published news of the leak, said the information had “enormous” potential for scammers. The database belongs to Dun & Bradstreet which licenses information on businesses and corporations for use in credit decisions, business-to-business marketing, and supply chain management. In 2013, they held over 225 million business records from companies around the globe.
Marketers use the database to contact current and prospective customers. In this case, the records were originally compiled by NetProspex, which was acquired by Dun & Bradstreet in 2015. An internal investigation showed the firm had not suffered a security breach, meaning the leak could have come from one of its thousands of customers.
It’s still unclear how the data was exposed. A spokesperson for Dun & Bradstreet, a business services agent that own the database, told ZDNet in a statement that the database wasn’t “accessed or exposed” through the company’s system.
The company said that no sensitive information was compromised and the details leaked are that available on a business card.