Dark-Web Forum Post Claims Infutor Leak Exposing 676 Million Consumer Records

A threat actor using the handle "Spirigatito" posted what security researchers are calling one of the largest alleged consumer data exposures in history, claiming to have leaked 676,798,866 unique records tied to Infutor, a major consumer identity and data brokerage firm.

The post surfaced on a prominent underground forum between March 8 and 9, 2026, and the dataset circulated rapidly through dark-web channels within hours. Security firms flagged the listing almost immediately, with analysts confirming the sheer scale of the claimed trove places it among the most significant data broker breaches ever documented, if verified.

The dataset allegedly contains Social Security numbers alongside the breadth of consumer identity data that Infutor has historically compiled: names, addresses, phone numbers, email addresses, and demographic profiles assembled from hundreds of commercial and public sources. Infutor, which markets itself to brands and financial institutions for identity resolution and fraud prevention, holds records on virtually the entire adult population of the United States.

That function is precisely what makes this breach claim so alarming. Unlike a hack of a single retailer or health provider, a breach of an identity broker represents a wholesale compromise of the connective tissue of consumer data. Infutor's product is identity itself, and the records it holds are specifically curated to be comprehensive, accurate, and linkable across data sources. An adversary with access to such a dataset would have the raw material needed to conduct large-scale identity fraud, targeted phishing campaigns, account takeovers, and synthetic identity schemes.

Social Security numbers embedded in such a dataset are particularly dangerous because they are not rotatable the way passwords or credit card numbers are. A compromised SSN follows its owner for life, enabling fraudsters to open credit lines, file false tax returns, or impersonate victims in medical and government systems years after the initial exposure.

Infutor was acquired by Verisk Analytics in 2023, bringing the data broker under the umbrella of one of the largest data analytics firms in the United States. Neither Infutor nor Verisk had issued a public statement about the alleged leak as of March 10, 2026.

Security researchers caution that unverified forum posts do not always represent genuine new breaches. In some cases, threat actors repackage previously leaked datasets or aggregate publicly available information to inflate the apparent value of a dump. Verification of the dataset's authenticity, its origin, and whether it represents a novel exfiltration or a recompilation of older leaks remains ongoing.

What is not in dispute is the volume. Nearly 677 million records would exceed the total population of the United States by more than double, suggesting extensive duplication or international records, though Infutor's core business is domestic.

For consumers, the practical steps remain consistent with any large-scale SSN exposure: placing a credit freeze with all three major bureaus, Equifax, Experian, and TransUnion, monitoring for new account activity, and filing an identity theft report with the Federal Trade Commission at IdentityTheft.gov if suspicious activity surfaces.

The scale of the alleged exposure puts pressure on regulators who have long debated whether data brokers of Infutor's type should face the same breach notification obligations as banks or health providers.