Good luck keeping the past private now —criminal records of millions of Americans leaked online in major database breach

News
By
published

No one knows where the data came from

A hacker typing on a MacBook laptop with code on the screen.
(Image credit: Sora Shimazaki / Pexels)

Bad news for an Americans looking to keep their illegal pasts behind them, as researchers have flagged the leak of sensitive information on millions of convicted felons.

Malwarebytes has published a blog post detailing how a group of cybercriminals leaked a database containing criminal records of millions of Americans, thought to contain 70 million rows of data.

Given how Malwarebytes worded the announcement, we can assume its researchers did not have direct access to this database. Still, it was said that it contained people’s full names, dates of birth, known aliases, postal addresses, dates of arrest, dates of conviction, sentences, and more.

Building a new leaks site

The database is quite fresh, holding data generated between 2020 and 2024. Each row represents a single felony, not a record of all the crimes a person may have committed.

The data was leaked by two known cybercriminals - EquationCorp and USDoD.

The latter, according to the researchers, is a “high-profile player” in the field of data leaks, allegedly closely associated with Connor Fitzpatrick, AKA Pompompurin. 

For those who haven’t been paying attention, Pompompurin was the owner and master administrator of BreachForums, the world’s most popular underground forum for sharing stolen and leaked data, malware, and other warez. The forum was recently dismantled, and Fitzpatrick arrested.

Malwarebytes claims USDoD is planning on building a new leak forum similar to BreachForums, and that pushing this data out there could be a PR stunt to draw attention and raise interest in the new site. 

At this time, it is unknown from whom the hackers stole this data, when, or how. 

In any case, our American readers with a criminal history should pay attention to the emails they’re getting, especially if they mention criminal convictions, carry attachments and links, or demand urgent action. Hackers are likely to exploit the database in phishing and social engineering attacks.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.