What Happened
In 2019, specifically around April 12-16, Instant Checkmate (owned by PeopleConnect, alongside TruthFinder) suffered a data exposure incident involving a backup database created that year, which was later leaked publicly on the Breached hacking forum on January 21, 2023, affecting approximately 11.9 million Instant Checkmate customer accounts (part of a larger 20.2 million records including 8.3 million TruthFinder users). The compromised data, shared in two 2.9 GB CSV files, included full names, email addresses, phone numbers, and securely hashed passwords (using scrypt) for accounts created between 2011 and 2019, with no evidence of a direct breach of active networks but rather an inadvertent leak or theft of the backup. PeopleConnect confirmed the incident in early 2023 after notifications from researchers like Troy Hunt, engaged a third-party firm, warned users of phishing risks, and saw the data added to Have I Been Pwned.
