Background check firm MC2’s breach a cause for concern, experts say

You might want to get that checked.

Cybernews revealed September 23 that background check company MC2 Data had exposed a database with 2.2 TB of sensitive user data, potentially compromising the personal information of around 100 million Americans.

To understand how cybersecurity professionals are assessing the hack’s potential dangers, IT Brew spoke with three cybersecurity experts for their take on the hack and what consumers and IT professionals can do to protect themselves.

Taking aim. “I think one of the reasons people need to be concerned is that they can now easily prioritize high-value targets,” Gary Orenstein, chief customer officer at Bitwarden, told us.

Orenstein said that the amount of information exposed is intimidating—but that the danger is that attackers may comb through the data for big targets. The records could contain passwords and other identifying information.

“What happens now, with the adversary, is they know a current email address of a high value target, and they can just start launching phishing campaigns or trying credential stuffing attacks,” Orenstein said. “If they got one password somewhere, does that password also work on other websites, or do variations of that password also work on other websites?”

Check your six. The MC2 breach is symptomatic of overall threat trends that show annual increases in attacks and breaches on a consistent basis across industries and threat surfaces. In an email, Guardio Head of Data Efrat Tabibi told IT Brew that the MC2 hack is “a reminder to always assume that sensitive information might be compromised and to take proactive measures.”

“To protect yourself, it’s essential to use security tools that can detect phishing, alert of potential data breaches, and provide real-time protection,” Tabibi wrote. “With the increasing sophistication of attacks, having the right tools in place is no longer optional—it’s critical.”