Data Enrichment Records
What Happened
In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other legitimate locations. In total, there were more than 8 million unique email addresses in the data which also contained a raft of other personal attributes including credit ratings, home ownership status, family structure and other fields described in the story linked to above. The email addresses alone were provided to HIBP.
Compromised Data
Recommended Actions
Monitor for Suspicious Activity
Watch for unusual login attempts, spam and phishing emails.
Breach Overview
-
Affected Accounts:
8.2 million
-
Breach Occurred:
December 2016
-
Added to HIBP:
8 Jun 2017
Breach Classification
Some breaches may be flagged as "unverified". In these cases, whilst there is legitimate data within the alleged breach, it may not have been possible to establish legitimacy beyond reasonable doubt.
Unverified breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web.
Recommended Actions
Change Your Password
If you haven't changed your Data Enrichment Records password since 2016, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts or messages from your account.
