NetProspex 2016 Data Breach

NetProspex Dun & Bradstreet B2B Marketing Database Breach (2016): 33 Million Professional Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Data BrokerEmail AddressEmployerFull NameJob InformationPhone NumberPhysical Address
Low SeverityWebsite / service breach

NetProspex Dun & Bradstreet B2B Marketing Database Breach (2016): 33 Million Professional Contact Records Exposed

B2B marketing data service (now part of Dun & Bradstreet).

Verified by ObscureIQ Intelligence
19/100Breach Risk Index
10Data Value
10Market Recency
3330dSince Breach

Breach Intelligence Summary

Entity: NetProspex · Actor: Unknown · Sources: 8 references
Attack: Unknown
Profile: Data Broker · B2B contact data aggregation and sales intelligence · Marketing data broker and lead intelligence provider · USA
Timeline: Breach (2016-09-01) · Indexed (Mar 15, 2017) · Year (2016)
Exposure: 33.7M records · 6 fields: Email Address, Employer, Full Name, Job Information, Phone Number, Physical Address
Status: Confirmed

Executive Summary

NetProspex, a B2B marketing database service operated by Dun & Bradstreet, exposed 33.7 million professional records when the data leaked online in 2016. The company did not suffer a direct system breach. Instead, Dun & Bradstreet concluded that a customer who had purchased the dataset lost control of it, allowing the records to circulate publicly. The individuals in the database had no direct relationship with NetProspex; their contact information had been aggregated from various sources and packaged as a commercial marketing asset. The exposed records included names, email addresses, job titles, employer names, phone numbers, and physical addresses, all organized specifically for outbound business targeting. That structure is what makes the exposure particularly useful to bad actors. A dataset pre-sorted by employer, role, and contact details provides ready-made material for spearphishing campaigns, executive impersonation, and business-focused fraud at scale. No formal notifications were issued to affected individuals, which is consistent with how B2B data brokers operate: the people whose information is sold are third parties, not customers, and are generally outside the scope of standard breach notification obligations. For those whose records appeared in the dataset, the practical risk is ongoing. The data remains well-suited to targeted phishing and social engineering attacks, particularly those crafted to appear as legitimate business communications.

ObscureIQ assessment: High risk because the records are organized for outbound targeting. Exposure enables spearphishing, impersonation, and large-scale business-focused fraud.

Breach Impact

In 2016 a corpus of approximately 33.7 million records sourced from D&B's NetProspex service leaked online. The exposed data included names, email addresses, employers, job titles, phone numbers, and physical addresses of professionals across corporate America. Dun & Bradstreet confirmed the leak but attributed the exposure to a customer who had purchased the data and subsequently lost control of it rather than to a breach of D&B's own systems. The distinction matters: the individuals in the dataset had no direct relationship with NetProspex. Their information was aggregated from various sources and sold as a commercial asset. No formal notification was issued to affected individuals, consistent with the B2B data broker model where the subjects of the data are third parties rather than customers.

About NetProspex

NetProspex was a B2B marketing data service that compiled and sold contact information for professionals across corporate America, including names, job titles, employer names, phone numbers, email addresses, and physical addresses. The company was acquired by Dun & Bradstreet in 2015 and operated as part of D&B's data and analytics portfolio. It is not a consumer-facing brand — its records represent professionals whose contact information was aggregated for B2B marketing purposes.

Why They Hold Your Data

Marketing data brokers aggregate business contact records, job titles, company profiles, emails, and phone numbers into lead-intelligence products for B2B targeting.

Recent Developments

NetProspex has been absorbed into Dun & Bradstreet's broader data and analytics product suite and no longer operates as a distinct standalone brand. D&B has continued to expand its B2B data and intelligence services.

Data Points Exposed

6 verified field types
Email Address
Employer
Full Name High
Job Information
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Business Email Compromise seeding
  • Name-based social engineering
  • Vishing & authority impersonation
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the NetProspex breach?

NetProspex, a B2B marketing database service operated by Dun & Bradstreet, exposed 33.7 million professional records when the data leaked online in 2016. The company did not suffer a direct system breach. Instead, Dun & Bradstreet concluded that a customer who had purchased the dataset lost control…

What data was exposed?

Verified fields include Email Address, Employer, Full Name, Job Information, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachAware
Independent catalogue listing
Cross-source
BreachDirectory
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
Leak-Lookup
Independent catalogue listing
Cross-source
LeakCheck.io
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation