Cyber Incident Victim: PeopleConnect Holdings Inc.
Date:
Feb 2023
Location:
United States of America
Summary
A data breach at PeopleConnect Holdings Inc. exposed customer information from its TruthFinder and Instant Checkmate background check services, affecting approximately 20 million individuals. The compromised data, originating from an internal 2019 backup, included names, email addresses, phone numbers, encrypted passwords, and inactive password reset tokens. The leak surfaced on a hacking forum after unauthorized access, prompting the company to initiate an investigation with external cybersecurity experts who found no evidence of network intrusion. PeopleConnect attributed the incident to an inadvertent internal leak or theft of historical customer records spanning 2011 to 2019, warning affected users of potential phishing attempts while continuing to assess the situation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 21, 2023, a member of the Breached hacking forum leaked a database backup containing information belonging to approximately 20.22 million customers of TruthFinder and Instant Checkmate, subscription-based background check services owned by PeopleConnect Holdings Inc. The leaked data consisted of two 2.9 GB CSV files containing customer records up to April 16, 2019, with 11,945,733 Instant Checkmate accounts, 8,270,551 TruthFinder accounts, and 4,625 TruthFinder International accounts exposed. According to Breached forum owner Pompompurin, the data originated from an exposed database backup discovered by a forum member. The compromised information included customer email addresses, first and last names, phone numbers, securely encrypted passwords, and expired/inactive password reset tokens. PeopleConnect became aware of the leak when contacted by BleepingComputer and Troy Hunt of Have I Been Pwned earlier in the week of February 21, 2023, prompting an immediate internal investigation.
PeopleConnect confirmed the breach on February 21, 2023, through notices published on both TruthFinder and Instant Checkmate platforms. The company determined the leaked list was created internally several years prior and contained all customer accounts established between 2011 and 2019. While the investigation remained ongoing, preliminary findings suggested an inadvertent leak or theft of the specific list rather than a network intrusion. PeopleConnect engaged a third-party cybersecurity firm to assist with the investigation, which found no evidence of unauthorized network access. The company warned affected customers to remain vigilant against targeted phishing attempts due to the exposure of personal contact information. Troy Hunt incorporated the dataset into Have I Been Pwned, enabling users to verify if their information was compromised. PeopleConnect committed to providing further updates as their investigation progressed but confirmed the breach did not impact accounts created after April 2019 or involve active password reset tokens.