What happened
According to public breach records, the Public Business Data data breach on August 19, 2021 is reported to have exposed the personal information of 27,917,714 accounts.
In approximately August 2021, hundreds of gigabytes of business data collated from public sources was obtained and later published to a popular hacking forum. Sourced from a customer of Bureau van Dijk's (BvD) "Orbis" product, the corpus of data released contained hundreds of millions of lines about corporations and individuals, including personal information such as names and dates of birth. The data also included 28M unique email addresses along with physical addresses (presumedly corporate locations), phone numbers and job titles. There was no unauthorised access to BvD's systems, nor did the incident expose any of their or parent company's Moody's clients.
In approximately August 2021, hundreds of gigabytes of business data collated from public sources was published to a popular hacking forum, comprising roughly 27.9 million records that included names, dates of birth, 28M unique email addresses, physical addresses (presumed corporate locations), phone numbers and job titles. The corpus was sourced from a customer of Bureau van Dijk's (BvD) "Orbis" product rather than from BvD's own systems. The disclosure states there was no unauthorised access to BvD's systems, and the incident did not expose any BvD or Moody's (parent company) clients — making this a third-party aggregation surfacing from a customer environment rather than a breach of the company itself.
What data was exposed
The following types of personal data were compromised:
- Dates of birth
- Email addresses
- Job titles
- Names
- Phone numbers
- Physical addresses
Breach details
| Detail | Value |
|---|---|
| Breach name | Public Business Data |
| Date | August 19, 2021 |
| Accounts affected | 27,917,714 |
| Domain | bvdinfo.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Public Business Data; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Treat unsolicited emails and calls referencing your job title, employer, or business address as potential targeted phishing or business-email-compromise lures, and verify any payment or credential request through a known channel before acting.
- Be alert to identity-profiling attempts that combine your name, date of birth, and address — never confirm or supply additional identifiers (SSN, account numbers) in response to inbound contact.
- Add your exposed phone number to a contact you can screen, and watch for smishing texts and vishing calls that cite the leaked business details to appear legitimate.
- Where this data is your personal information mingled with corporate records, request removal from the people-search and data-broker sites that may have re-aggregated it.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →