Three major U.S. data providers said on Wednesday they were victims of cyber attacks, after a cybersecurity news website linked the breaches to a group that sells stolen social security numbers and other sensitive information.
An FBI spokeswoman said the bureau was investigating the breaches but declined to elaborate.
The disclosures, by Dun & Bradstreet Corp, Altegrity Inc's Kroll Background America Inc and Reed Elsevier's LexisNexis Inc, came after website KrebsOnSecurity first reported the breaches.
The site said the attacks were masterminded by a cybercrime ring that sold stolen data such as credit reports through the website ssndob.ms, or SSNDOB.
The ring offered social security numbers, birthdays and other personal data of U.S. residents for between 50 cents and $2.50 per record, KrebsOnSecurity reported. Credit reports and background checks cost between $5 and $15, the cybersecurity site reported after a seven-month investigation into SSNDOB.
KrebsOnSecurity said the group placed malicious software on servers at LexisNexis as early as April 2013, suggesting that the attackers had access to its internal networks for at least five months.
SSNDOB administrators operated a small botnet, or group of infected computers remotely controlled by hackers, that was in direct communication with computers inside several large U.S. data brokers, the KrebsOnSecurity report said.
Five hacked servers were identified by examining the web interface used to control the botnet. Two of them were inside LexisNexis, two at D&B, and one at Kroll Background America.
"There are grave implications here from a privacy perspective," said Alex Holden, a cyber forensics expert who served as a consultant to the publication during the investigation.
Two of the victims declined to comment on the potential theft of data, saying they were investigating the attacks to find out exactly what happened. A third, LexisNexis, said it has so far found no evidence of theft.
"To date (we) have found no evidence that customer or consumer data were reached or retrieved," a LexisNexis representative said in a statement.
D&B spokeswoman Michele Caselnova said her firm was "aggressively investigating" the attack.
"Data security is a company priority and we are devoting all resources necessary to ensure that security," she said.
Kroll Background America spokesman Ray Howell said the company was working with external forensics experts to investigate the source and "impact, if any," of malicious software found on web servers at a Nashville, Tennessee data center.
(Reporting by Jim Finkle; Editing by Edwin Chan and Stephen Coates)