Dark Web News Analysis
A large and highly sensitive database, allegedly originating from the data provider FirstTwo.com, has been leaked on a cybercrime forum. The scale of the breach is significant, reportedly affecting approximately 10 million people across the United States. The compromised data, formatted in a JSONL file, contains a core set of Personally Identifiable Information (PII), including full names, physical addresses, phone numbers, and dates of birth.
A database of this nature, containing the key components of an individual’s identity, is a powerful tool for cybercriminals and enables fraud and scams on a national scale. This aggregated PII is particularly potent because it comprises the exact information frequently used in Knowledge-Based Authentication (KBA)—the “secret questions” many services use to verify a person’s identity. Criminals can use this data for mass phishing and smishing (SMS phishing) campaigns, widespread identity theft, doxxing, and creating synthetic identities for financial fraud.
Key Cybersecurity Insights
This data leak presents a critical, nationwide threat to individuals and businesses in the United States:
- Widespread Risk of Identity Theft and Fraud: The availability of a large, centralized database containing the core PII for 10 million individuals places them at a significantly increased risk of fraud. This data can be used by criminals to open fraudulent lines of credit, take over existing online accounts, and commit other forms of identity-related crimes on a mass scale.
- Fuel for Highly Targeted Phishing and Social Engineering Campaigns: With a comprehensive list of PII, threat actors can launch nationwide phishing, vishing (voice phishing), and smishing campaigns. These attacks can be customized to impersonate well-known US entities like the IRS, major banks, or healthcare providers, using the leaked personal data to make the scams highly convincing and effective.
- Compromise of Knowledge-Based Authentication (KBA): The specific combination of leaked data—full name, address, date of birth—is often used for KBA questions to verify a user’s identity during password resets or account recovery processes. Attackers can now easily use this data to defeat these static security measures and gain unauthorized access to victims’ accounts.
Mitigation Strategies
This national-level threat requires a coordinated response from government, businesses, and individuals:
- Issue a National Public Service Announcement on Fraud: US authorities, such as the Federal Trade Commission (FTC) and the Cybersecurity and Infrastructure Security Agency (CISA), should consider issuing a public service announcement. The announcement should warn citizens of a potential increase in sophisticated phishing and identity theft attempts, give clear examples of current scams, and explain how to report them and protect their accounts, for instance by placing a freeze on their credit reports.
- Strengthen Customer Verification and Fraud Detection: All businesses serving US customers, especially those in the financial, retail, and healthcare sectors, must place their fraud detection and account monitoring systems on high alert. They should be prepared for an increase in account takeover attempts and fraudulent new account openings and should accelerate plans to move away from relying solely on static PII for identity verification.
- Adopt Stronger Authentication and Increased Vigilance: Individuals must take proactive steps to protect themselves. This includes enabling Multi-Factor Authentication (MFA) on all sensitive online accounts (email, banking, etc.), creating strong and unique passwords for each service, and treating all unsolicited emails, text messages, and phone calls that ask for personal information with extreme skepticism.
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For new inquiries or to report this post, please email us: contact@brinchtech.com