A hacker has put up a dataset containing the personal details and driver's license information of 290,000 U.S. citizens for sale on the dark web. Softpedia reports that the hacker, who goes by the name "NSA," stole the information after breaching several organizations based in Louisiana. Once inside of the organizations' networks, NSA exfiltrated the information from several databases containing criminal records. Most of the data related to driving offenses committed by Louisiana residents, but some pieces of information allegedly involved non-Louisiana residents and more serious crimes including murder. Per the hacker's own explanation, as replicated by International Business Times UK:
"Within the database, you'll find that there are records that aren't of Louisiana origin like Texas or Delaware, this is due to tourists, travellers, etc. or the individual may simply be in Louisiana without a Louisiana DL."
The stolen records are said to contain an individual's name, address, data of birth, ZIP code, email address, phone number, driving offense, fine total, driver's license number, and state in which the license was issued. A majority of those affected by the breach have birthdays in the year 1983, though the dataset also contains information about teenagers and senior citizens. NSA is currently offering 290,000 of those records for sale on The Real Deal, the same dark web marketplace where another hacker known as "Peace" is selling a database of 167 million LinkedIn accounts, including the emails, hashed and (in many cases) already cracked passwords of 117 million users.
Unlike Peace, who has sold multiple data dumps in the past on the underground forum, NSA has no reputation or "positive feedback" on the site, which could make it difficult for them to sell the data. For that reason, they are displaying a sample driver's record to help lend credence to the dataset's authenticity. Additionally, while they are offering the data for sale at a value of 21 million BTC, which is about $1.215396 billion USD, NSA is also telling potential customers they are willing to consider lower offers:
"Disregard the price on this listing. Make me an offer that you and I can both agree to and I'll create a private listing that you can use to purchase this database. Don't bother contacting me if you're going to hit me with lowball offers."
News of this breach follows close to two years after 300,000 people's personal information and driver's license information was left on a server publicly accessible from the web.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
