The personal identifying information (PII)\u2014names, email addresses, phone numbers, physical addresses, employers and job titles\u2014for 33,698,126 Americans has been leaked online.The data, a 52.2GB CSV file, came from a commercial corporate database. Security researcher Troy Hunt determined that the breach came from NetProspex, a service provided by Dun & Bradstreet, which ironically was named as a 2017 world\u2019s most ethical company.The leaked database is currently listed as the 16th biggest breach on Have I Been Pwned, meaning more people were affected than in the Ashley Madison breach and fewer than in the Last.fm breach. Hunt wrote on HIBP:In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer.Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addressesNetProspex describes what it does as:We help marketers develop and manage their B2B data. Our multi-faceted data quality processes \u2014 backed by the world's largest commercial database and seamless integration into your marketing systems \u2014 enables you to identify the best opportunities, build stronger relationships and accelerate growth for your company.All the records are from the U.S., Hunt said, with the most \u2014 over 4 million records \u2014 coming from California, followed by 2.7 million from New York and 2.6 million from Texas.Hunt further provided a breakdown of the top 10 companies in the data set, listing how many records were from each:DOD Cce.: 101,013United States Postal Service: 88,153AT&T Inc.: 67382Wal-Mart Stores, Inc.: 55,421CVS Health Corporation: 40,739The Ohio State University: 38,705Citigroup Inc.: 35,292Wells Fargo Bank, National Association: 34,928Kaiser Foundation Hospitals: 34,805International Business Machines Corporation: 33,412Regarding the Department of Defense, there were over 10,000 \u201cunique job titles such as \u2018Soldier\u2019 (which was the most common with 2.7k entries), but also titles like \u2018Ammunition Specialist\u2019 (91 people) and \u2018Chemical Engineer\u2019 (32), along with the sorts of roles you'd expect in the army such as \u2018Intelligence Analyst\u2019 (715) and \u2018Platoon Sargent\u2019 (670).\u201dHunted added, \u201cWhen you look at that list and ask \u2018How would the US military feel about this data - complete with PII and job title - being circulated,\u2019 you can't help but feel it poses some serious risks. (The ISIS kill list of last year was one of the first things I thought of.)\u201dAfter ZDNet\u2019s Zach Whittaker, whose PII was also included in the leaked corporate database, reached out to Dun & Bradshaw, the company said, \u201cWe've carefully evaluated the information that was shared with us, and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system.\u201dIt was not saying the 6-month old bulk data did not originally belong to Dun & Bradshaw, just that its own systems were not compromised. It claims to have sold the data \u201cto \u2018thousands\u2019 of companies.\u201d It was attempting to determine which third-party company exposed the copy of the database, but that it was \u201cdifficult.\u201d Lastly, it emphasized that the data collection complied with U.S. laws, but contained \u201cno PII data.\u201dHunt disagrees, writing, \u201cWhen you have someone's first and last names, their job title and their email address along with the company they work for, you have PII. And that's really what makes this a highly volatile collection of data; this much personal information on this many people and set in the context of their professional roles poses numerous risks to the organizations involved here.\u201dHunt pointed back at what Tim Berners-Lee recently said on the 28th anniversary of the web, agreeing that we have lost control of our personal data.