, placing a large portion of the US corporate population at risk . According to independent researcher Troy Hunt , the database is about 52 gigabytes in size and contains just under 33.7 million unique email addresses and other contact information from employees of thousands of large enterprises and government entities . While details are unfolding , the leakAttack.Databreachis thought to be from a database D & B acquired from NetProspex in 2015 . The file is a “ list rental ” file that D & B offers marketers for use for their own email campaigns . It ’ s believed that one of these marketing firms is the source of the leakAttack.Databreachitself having been compromisedAttack.Databreachin some way . `` We 've carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day , ” D & B said in a media statement . “ Dun & Bradstreet maintains that neither they or NetProspex suffered a breachAttack.Databreachor caused the leakAttack.Databreach, ” said Stephen Boyer , co-founder and CTO of third-party risk management and security ratings firm BitSight . “ If true and the leakAttack.Databreachstemmed from one of their customers , which represents a new dimension of third-party risk . While customers do n't have ongoing relationships in the way that vendors and suppliers do , they still can pose risk when licensing and buying data in bulk. ” As originally reported by ZDNet , Hunt said in a blog post that he was able to determine that the most records in the database come from the US Department of Defense , with other government and large enterprises following . The worrisome part is the deep bench of information that the records contain . For Wells Fargo , for example , the information is for the C-suite and 45 vice presidents , senior vice presidents , assistant vice presidents and executive vice presidents , all with names and email addresses alongside job titles . `` The market for stolen personal identifiable information continues to be lucrative for attackers to steal and sellAttack.Databreachdata , ” said Lee Weiner , chief product officer at Rapid7 , via email . “ Individuals affected by this breachAttack.Databreachshould continue to be vigilant for piggy-back attacks that can ensue from attackers using this information to engage in phishing tactics with this information to stealAttack.Databreachpasswords and gain accessAttack.Databreachto accounts . '' Those follow-on threats can include business email compromise ( BEC ) . “ This leakAttack.Databreachallows cyber-criminals to carry out whaling attacksAttack.Phishingfor large enterprises , ” said Boyer . “ Some organizations have over 100,000 employee records compromisedAttack.Databreachin this breachAttack.Databreachand may witness an uptake in targeted phishing attacksAttack.Phishingand fraud schemes. ” Hunt noted that the leak is an example of an endemic problem in data management and society . “ We 've lost control of our personal data and…we often do not have any way of feeding back to companies what data we ’ d rather not share , ” he noted . “ Particularly when D & B believe they 're operating legally by selling this information , what chance do we have—either as individuals or corporations—of regaining control of data like this ? Next to zero and about the only thing you can do right now is assess whether you 've been exposed . ”