Pdl Data Breach [repack] May 2026

For security professionals, the lesson is clear: audit your third parties as if they were your own infrastructure. For individuals, the takeaway is sobering: your professional profile is likely in dozens of data brokers’ databases, and you have very little control over how they secure it. Use a service like Have I Been Pwned (which includes the PDL dataset) or request a report from PDL’s consumer portal (available for California and EU residents). Last updated: April 2026

Introduction In 2019, a massive data exposure came to light that would redefine how security professionals think about "aggregated" data versus "breached" data. The incident involving People Data Labs (PDL) and its partner, Oxydata , is often cited as one of the largest data exposures in history—not because of a traditional hack, but because of a misconfigured server that left nearly 1.2 billion unique records publicly accessible without a password. pdl data breach