This week’s Cyber Intelligence House Leak of the Week spotlights a serious breach affecting U.S. individuals, with wide-reaching implications for financial institutions, employers, and consumers. The dataset, titled “1 Million US Fullz + Banking Details”, was leaked on DarkForums by a user operating under the alias “USD”.
A 219.3 MB .xlsx file was made publicly accessible via Mega.nz, containing highly sensitive personal and financial data on U.S.-based individuals. The dataset comprises full identity records — known as “fullz” — which are frequently used by cybercriminals for identity theft, fraud, and social engineering attacks.
Each entry within the spreadsheet includes the following data points:
– Full Names
– Social Security Numbers (SSNs)
– Dates of Birth
– Physical Addresses
– Email Addresses
– Driver’s License Numbers
– Employment and Income Information
– Bank Account Details (account numbers, bank names)
No obfuscation, encryption, or tokenization was applied to the original data, so every record can be misused immediately, as is.
Implications for Individuals
– Identity Theft Risk: Exposure of SSNs, birth dates, and driver’s licenses opens paths for fraudulent credit applications and impersonation.
– Bank Fraud: Leaked routing and account numbers can lead to unauthorized transactions or account takeovers.
– Employment Exploitation: Real employer names in the records may facilitate phishing or impersonation that exploits workplace trust.
Implications for Institutions
– Employers: May face reputational harm or internal security risks from impersonated employees.
– Financial Institutions: Must verify the integrity of accounts listed in the breach and assist victims in fraud prevention.
Recommendations
For MSSPs and Threat Intelligence Teams:
– Integrate leaked SSNs, emails, and account numbers into detection feeds.
– Monitor for signs of synthetic identity fraud and credential stuffing attempts.
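One way to act on the detection-feed recommendation above without copying raw SSNs or account numbers into more systems, shown as an added example (not Cyber Intelligence House code): identifiers are normalized, replaced by keyed HMAC-SHA256 tokens, and matched against internal customer records. The key, field names, length limits and sample records are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: in production this key lives in a KMS/HSM and is rotated.
FEED_KEY = b"constructed-demo-key"

def normalize(kind, value):
    """Canonicalize an identifier so formatting differences do not hide a match."""
    v = value.strip()
    if kind in ("ssn", "account"):
        digits = re.sub(r"\D", "", v)
        # Assumed limits: SSN is 9 digits, account numbers 4 to 17 digits.
        ok = len(digits) == 9 if kind == "ssn" else 4 <= len(digits) <= 17
        return digits if ok else None
    if kind == "email":
        v = v.lower()
        return v if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", v) else None
    return None

def token(kind, value, key=FEED_KEY):
    """Keyed token; a bare hash of a 9-digit SSN could be brute-forced."""
    norm = normalize(kind, value)
    if norm is None:
        return None
    return hmac.new(key, f"{kind}:{norm}".encode(), hashlib.sha256).hexdigest()

def build_feed(rows, key=FEED_KEY):
    """Turn (kind, raw_value) rows into a token set; malformed rows are dropped."""
    return {t for kind, value in rows if (t := token(kind, value, key))}

def match_customers(customers, feed, key=FEED_KEY):
    """Return {customer_id: [matching identifier kinds]} for records in the feed."""
    hits = {}
    for cust in customers:
        kinds = [k for k in ("ssn", "email", "account")
                 if cust.get(k) and token(k, cust[k], key) in feed]
        if kinds:
            hits[cust["id"]] = kinds
    return hits

# Constructed sample data (SSN area 000 is never issued; example.* domains).
LEAK_ROWS = [("ssn", "000-00-0001"), ("email", " Jane.Doe@Example.com "),
             ("account", "0001 2345 6789"), ("ssn", "n/a")]
CUSTOMERS = [
    {"id": "C1", "ssn": "000000001", "email": "jd@example.org", "account": "999"},
    {"id": "C2", "ssn": "000-00-0002", "email": "jane.doe@example.com", "account": "000123456789"},
    {"id": "C3", "ssn": "000-00-0003", "email": "x@example.net", "account": "555566667777"},
]
```

Only the token set needs to reach detection tooling; the raw rows can be discarded once the feed is built.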
For Financial Institutions and Employers:
– Proactively contact affected individuals.
– Review internal logs for signs of account abuse or access attempts.
For Affected Individuals:
– Place a credit freeze with major bureaus.
– Monitor bank activity and enable alerts for suspicious transactions.
– Use identity protection services to receive real-time breach notifications.
This breach represents a high-value dataset containing complete, unredacted profiles of U.S. individuals. Given the financial and personal nature of the exposure, the dataset should be considered active threat intelligence. MSSPs and institutions are urged to act immediately to protect clients, systems, and brand reputation.