The parent company for TruthFinder and Instant Checkmate, PeopleConnect, confirmed this week that it suffered a massive data breach. Data was stolen from every customer who created an account between 2011-2019.
The two websites allowed users to run background checks on other people by combing through publicly available data from social media accounts, state and federal court records, criminal records, and more. They’re subscription-based tools are mostly used by businesses looking to run cost-effective background checks on employees — though their services are available for anyone to use.
Both companies released an identical notice detailing the wide-reaching scope of the breach.
“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company,” TruthFinder and Instant Checkmate said in a release on each of their websites.
The leaked information includes customers’ first and last names, phone numbers, email addresses, and even hashed passwords. The company is assuring customers that payment details haven’t been leaked but to be wary of scams.
“The published list in question does not evidence user activity, such as queries or reports on our system, and does not appear to involve leakage of payment information, readable or usable passwords or other means to compromise user accounts,” the report said. “Nevertheless, as a best practice, we would recommend that you not respond to suspicious communications. We will never ask you for your password, social security number or payment information via email or telephone.”
The company has been working with a third-party cybersecurity firm to investigate the leak and fortunately, they report that there’s no sign of a current breach.
According to Bleeping Computer, Troy Hunt (who first contacted PeopleConnect about the breach) published the leaked data on the Have I Been Pwned database so anyone can check if they’ve had their information exposed.