Data of over 20 million TruthFinder and Instant Checkmate users leaked on hacking forum

PeopleConnect, the parent company of TruthFinder and Instant Checkmate background check services, has confirmed it suffered a data breach affecting over 20 customers.

TruthFinder and Instant Checkmate are subscription-based tools that let customers conduct background checks on individuals by reviewing publicly available information from social media, as well as federal, state and court records.

These services are especially popular with employers in the US who may use them to learn more about job applicants’ experience, education, criminal records and online conduct.

On Jan. 21, 2022, according to BleepingComputer, a member of the ‘Breached’ forum posted an ad claiming to offer leaked data of 20.22 million TruthFinder and Instant Checkmate customers who used the services up to April 16, 2019.

The data, shared via two 2.9 GB CVS files allegedly contained information on 11.9 million InstantCheckmate customers, 8.2 million TruthFinder users and 4,625 TruthFinderInternational customers, including:

• Names and email addresses
• Telephone numbers
• Encrypted passwords and password reset tokens

BleepingComputer also said it contacted Pompompurin, the owner of the Breached forum, who confirmed the data was exfiltrated from “an exposed database backup found by a forum member.”

In response to the news, PeopleConnect also confirmed the breach, listing two data breach notices on both website services.

“We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of Instant Checkmate subscribers was being discussed and made available in an online forum,” the notice reads. “We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company.”

What should data breach victims do?

While PeopleConnect is still investigating the breach, users of the company’s background check services should remain vigilant against targeted phishing attacks or any other form of social engineering schemes leveraging the stolen data.

“As a best practice we would recommend that you not respond to suspicious communications,” CheckMate and TruthFinder explained. “We will never ask you for your password, social security number or payment information via email or telephone.”

Nobody is safe from data breaches, which may harm us financially or ruin our online reputation.

Check now whether your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection. The dedicated identity protection service helps you stay on top of data breaches and privacy threats, with 24/7 monitoring and instant alerts whenever your personal information is at risk.