Data breach impacts over 20M TruthFinder, Instant Checkmate customers

BleepingComputer reports that U.S. subscription-based background check services TruthFinder and Instant Checkmate had their systems impacted by a data breach, resulting in the exposure of data from 20.22 million customers who used the services until April 16, 2019, in a hacking forum. Attackers were able to steal two 2.9 GB CSV files containing data from more than 11.9 million Instant Checkmate users, more than 8.2 million TruthFinder users, and 4,625 TruthFinder International users, with the exposed data including first and last names, email addresses, phone numbers, and hashed passwords. Moreover, the data was noted by Breached forum owner Pompompurin to be exfiltrated from an exposed database backup. "We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers was being discussed and made available in an online forum. We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company," said PeopleConnect, the parent company of both compromised firms.