The personal data of more than 33 million employees from US-based organizations was found lying unprotected on the web, reports Help Net Security. The leaked information, available on Troy Hunt's Have I Been Pwned service, had been compiled by US business service firm Dun & Bradstreet (D&B), which sells commercial data to businesses.
Security researcher Hunt got the data from a reportedly reliable source, and it is believed that it may have been stolen from the unprotected database of a D&B customer. The information includes personal details such as email addresses and company information. Affected employees include those of the Department of Defense, US Postal Service, AT&T, FedEx, Citigroup and others.
"In terms of where this data specifically came from, D&B don't believe it was directly from one of their systems and with thousands of customers purchasing this information, we may well never know who lost it," says Hunt.
Although the leaked data was not classified, it carries the risk of misuse by cybercriminals who aim to impersonate employees and get their hands on more sensitive information.
Read more on Help Net Security.