A publicly accessible database linked to SL Data Services, LLC, was discovered to be unsecured, lacking both password protection and encryption. The exposed data included 644,869 PDF files, totaling 713.1 GB, and contained sensitive records such as court documents, vehicle data (license plates and VINs), property ownership information, and a significant number of background check reports. These files revealed detailed personal information, including names, addresses, phone numbers, email addresses, employment details, family relationships, social media profiles, and criminal histories.
Scale and Nature of the Breach
Approximately 95% of the reviewed documents were labeled as background checks. A sampling of uniquely named individuals showed matches between their listed home addresses and the information in the records, suggesting the database contained accurate and highly personal details. This level of exposure raises critical privacy concerns.
The database appeared to be connected to a network of approximately 16 websites run by SL Data Services, LLC, offering various data and information services. One site, Propertyrec, which specializes in real estate research, was specifically referenced in the database’s naming structure.
During the week the database remained unsecured after its discovery, the number of documents increased significantly, growing by 151,058 files. Despite multiple responsible disclosure attempts, SL Data Services did not respond, and public access was only restricted after more than a week.
Uncertainty Surrounding the Exposure
It is unknown how long the database was publicly accessible or whether any unauthorized parties accessed it before it was secured. Efforts to contact SL Data Services for clarification or comment were unsuccessful. Whether the database was directly managed by SL Data Services or a third-party contractor also remains unclear. Determining the extent of the exposure and identifying any suspicious activity would require an internal forensic audit.
Implications for Privacy and Security
The background check data breach reveals the risks associated with improperly secured databases, especially those containing detailed personal profiles. The exposed data could potentially be exploited for identity theft, phishing, or other malicious activities. This incident underscores the importance of robust security measures and heightened accountability for organizations handling sensitive information.
Despite repeated efforts, SL Data Services has not provided any response or explanation regarding the breach. For now, the true scope of the exposure and its impact on affected individuals remain unresolved.