By - CyberNews researchers discover data leak belonging to Valley News Live
- An unprotected dataset with 1.8 million records has been discovered
- The data primarily affects job applicants to the firm
An unprotected dataset has been discovered online containing 1.8 million files, including over a million CVs.
The dataset was discovered by CyberNews researchers, who suspect that the data comes from Valley News Live’s job portal, which attracts up to 250,000 monthly visitors.
Researchers confirmed the personally identifiable information (PII) exposed contained full names, phone numbers, email addresses, home addresses, social media links as well as employment and education backgrounds.
Applicants at risk
Valley News Live is a television station based in Fargo, North Dakota, and is owned by Gray Media, a large conglomerate which owns or operates 180 stations across the US in 113 markets – and is the third-largest broadcaster in the US.
Anyone who has recently touched up their CV can probably understand just how much danger that might put a victim in, as the amount of PII required to build them could easily put someone in danger of social engineering attacks or identity theft.
The researchers warned many of the discovered CVs spanned numerous years, covering a period between 2017 and 2024, which outlines just how many are at risk.
The dataset was discovered online on August 31, 2024, and the initial disclosure notice was sent to the firm on September 17, 2024.
“The exposed data includes highly sensitive personal identifiers, creating numerous attack vectors for cybercriminals, where personal information can be used to create synthetic identities or fraudulent accounts,” the researchers said.
Anyone who has applied for a job at the firm or who believes they might be at risk from this or any leak, should be vigilant in monitoring their cards, and should be extra careful when receiving any unexpected communications.
For businesses, our full advice on what to do after a data breach can be found here.
