PDL / OXY Data Breach
12/3/2019 Initial Info:
On December 1st we were alerted of a large breach of information contained in the PDL and OXY database. The source of this data breach is still unknown.
The details are still somewhat unclear, but here is what we know. A researcher discovered open databases on October 16th. These databases contained data from two companies, People Data Labs (PDL) and OxyData.Io (OXY).
Both PDL and OXY are “Data Enrichment” companies. They conduct legitimate and legal activities to collect information about people and offer their data for sale to third parties. This data could be used for many purposes, including direct marketing, or more sophisticated data research activities.
PDL and OXY were not breached, and they did not leak your information. This information was leaked as a result of poor security by an undisclosed customer who purchased the lists from PDL and OXY.
The information from PDL included approximately 1.2 billion unique people and 650 million email addresses. The OXY data contained approximately 380 million people, mostly LinkedIn data. At this time, there has not been any attempt to cross-compare the PDL and OXY data for duplicates. It is safe to assume that a significant portion of the US population is in this data. The data that was breached could include:
- First and Last Name
- Email address (business and/or personal)
- Phone Number(s)
- URL for Facebook, Twitter, and LinkedIn
There have been extensive attempts to determine the person or company that caused these records to leak, without success. There will likely be further attempts, but this could take a year or more to bear fruit. When more relevant information is available, Worksighted will update you. Likely the party responsible for this breach has reporting requirements, but as of now, they remain anonymous, so there are no current ways to force them to comply with these reporting requirements.
Additionally, at this time there is no action that can be taken by the affected individuals. This information cannot be reclaimed. At this time, this notice is informational only. We feel that it is important to monitor and alert individuals of data breaches, even if there are no available solutions.
We will keep this post updated with any relevant information as it becomes available.