Dun & Bradstreet, specialists in risk management and data protection advice, have confirmed the exposure of one of their databases.
Records kept by the company with details about 33.6 million people were sent to an independent cyber researcher, the technology magazine ZDNet has reported.
The researcher Troy Hunt found the 52GB database contained dozens of details on each person, from job titles to email addresses. It was organised in a way that suggested it had not been hacked but prepared for distribution to a customer.
ZDNet says it was able to confirm that the content belonged to NetProspex, a company Dun & Bradstreet purchased in 2015.
Dun & Bradstreet was investigating the incident last week, when it was not known how the data were exfiltrated.
Dun & Bradstreet told media in a statement that, according to the company’s analysis, there had been no exposure of sensitive personal information from its system and no infiltration of it, and that the information in question was data typically found on a business card.
The files are reported to be from a wide spectrum of government and private entities, with the US Department of Defense most heavily represented, followed by the US Postal Service, AT&T and Wal-Mart.
Data analyst Troy Hunt commented that the data were specific enough to allow a malicious actor to know exactly whom to target for spear phishing.
“The value for very targeted spear phishing is enormous because you can carefully craft messages that refer to specific individuals of influence and their roles within the organization,” he wrote.