March 15, 2017 – the database contains more than 33 million records from government departments and large corporate clients which get sold onto marketers.
NEW YORK — Millions of records from a commercial corporate database have been leaked.
The database, about 52GB in size, contains just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the US corporate population.
Dun & Bradstreet, a business services giant, confirmed that it owns the database, which it acquired as part of a 2015 deal to buy NetProspex for $125 million.
This entire database is used for marketers who want to directly target their own email campaigns and through other communications methods for current and prospective customers.
The data can be bought either in bulk or by type of record by companies, but it’s not known exactly how much the going rate is for a full data set of this size. We understand from a 2015 brochure that the cost of accessing a half-million records can cost some firms up to $200,000.
In a blog post Tuesday, Hunt said the breakdown was entirely US-focused. California was the most represented demographic, with over four million records, followed by New York with 2.7 million records and Texas with 2.6 million records.
Hunt’s analysis of the records showed that the leading organization by records is the Department of Defense, with 101,013 employee records, followed closely by the US Postal Service with 88,153 employee records.
A spokesperson for Dun & Bradshaw would not talk on the record beyond an emailed statement, sent prior to publication.
“We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system,” the statement read.
The spokesperson said an internal investigation showed that while the data belongs to the company, its own systems were not breached or exposed. The company added that the data was approximately six months old and the bulk data had been sold to “thousands” of other firms.
Dun & Bradstreet downplayed the risk to its customers and those it collects data on. The company said that the data contains “generally publicly available business contact data, used for sales and marketing purposes.”