Public Business 2021 Data Breach

Orbis Business Intelligence Database Breach: 27M Executive Records Including DOB & Job Titles | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Data BrokerDate of BirthEmail AddressFull NameJob InformationPhone NumberPhysical Address
Low SeverityWebsite / service breach

Orbis Business Intelligence Database Breach: 27M Executive Records Including DOB & Job Titles

Orbis database of executive contact data, operated by Bureau van Dijk (Moody's)

Verified by ObscureIQ Intelligence
24/100Breach Risk Index
14Data Value
10Market Recency
1003dSince Breach

Breach Intelligence Summary

Entity: Public Business · Actor: Unknown · Sources: 2 references
Attack: Unknown
Profile: Data Broker / Business Intelligence Exposure · Public business records and executive identity data · Public-business intelligence corpus sourced from Orbis customer data · Global
Timeline: Breach (2021-08-01) · Indexed (Oct 09, 2023) · Year (2021)
Exposure: 27.9M records · 6 fields: Date of Birth, Email Address, Full Name, Job Information, Phone Number, Physical Address
Status: Confirmed

Executive Summary

Around August 2021, hundreds of gigabytes of business data compiled from public sources via Bureau van Dijk’s Orbis product were obtained from a BvD customer and later published on a hacking forum. The corpus (around 426GB / 484 million lines) contained 27,917,714 unique email addresses along with names, phone numbers, dates of birth, physical (largely corporate) addresses, job titles, company names, and some tax identifiers. BvD stated its own systems were not breached.

ObscureIQ assessment: High risk because the data is already organized for entity resolution and business targeting. Exposure enables executive profiling, spearphishing, and business relationship mapping at scale.

Breach Impact

The business-contact and identity data supports large-scale spear-phishing and business-email-compromise reconnaissance; because it is aggregated from a data-broker product, individuals had no direct relationship with the source.

About Public Business

Bureau van Dijk, a Moody’s company, aggregates business and corporate information (including its Orbis product) covering companies and associated individuals worldwide.

Why They Hold Your Data

Public-business intelligence corpora aggregate executive identity, company records, corporate ownership, and public-business profile data into searchable commercial datasets.

Recent Developments

Bureau van Dijk stated there was no unauthorized access to its own systems; the leaked corpus came from a customer of its Orbis product and was published to a hacking forum.

Data Points Exposed

6 verified field types
Date of Birth High
Email Address
Full Name High
Job Information
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Employment-based social engineering using job and employer data
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Vishing & authority impersonation
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Public Business breach?

Around August 2021, hundreds of gigabytes of business data compiled from public sources via Bureau van Dijk’s Orbis product were obtained from a BvD customer and later published on a hacking forum. The corpus (around 426GB / 484 million lines) contained 27,917,714 unique email addresses along with…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Job Information, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation