leaksear.ch has indexed 1,942,837 records from a Bureau van Dijk-related Orbis customer dataset that was published to a hacking forum in August 2021, with the breach date recorded as August 19, 2021 (leaksear.ch metadata). Bureau van Dijk is a Moody's business information provider, and public breach listings describe the wider incident as "Public Business Data" sourced from a BvD Orbis product customer, not as unauthorized access to BvD or Moody's systems (haveibeenpwned.com, monitor.mozilla.org).
What happened
Have I Been Pwned says that in approximately August 2021, hundreds of gigabytes of business data collated from public sources was obtained and later published to a popular hacking forum. The corpus was sourced from a customer of Bureau van Dijk's Orbis product and contained hundreds of millions of lines about corporations and individuals, including names and dates of birth; HIBP reports the wider corpus included 28 million unique email addresses, physical addresses, phone numbers and job titles (haveibeenpwned.com, monitor.mozilla.org).
Moody's describes Orbis as a global private-company data and intelligence product, formerly a BvD flagship solution, that captures, appends and standardizes company data for analysis. Moody's completed its acquisition of Bureau van Dijk in 2017 and described BvD as a global provider of business intelligence and company information (www.moodys.com, ir.moodys.com).
Public breach trackers state that there was no unauthorized access to BvD's systems and that the incident did not expose BvD or Moody's clients. That distinction matters: the leak appears tied to data sourced from an Orbis customer, while the exposed records still contain personal data that can affect individuals and organizations (haveibeenpwned.com, monitor.mozilla.org).
What data was exposed
According to leaksear.ch metadata, the indexed BVD source contains names, dates of birth, emails, phone numbers, physical addresses, countries, nationalities and job titles across 1,942,837 records (leaksear.ch metadata). The searchable pivots on leaksear.ch are address, country, date of birth, email, name and phone; job title and nationality are present as record context rather than direct search fields (leaksear.ch metadata).
These categories align with the broader Public Business Data listing in HIBP and Mozilla Monitor, which list dates of birth, email addresses, job titles, names, phone numbers and physical addresses as compromised data (haveibeenpwned.com, monitor.mozilla.org).
Why this matters
Because the data links personal identifiers to business context, security teams should watch for targeted phishing, executive impersonation, sales-lead abuse and account-recovery attempts that use names, phone numbers, job titles, addresses or dates of birth. Public breach listings do not list passwords for this incident, so the most immediate risk is correlation and social engineering rather than direct password reuse from this leak (monitor.mozilla.org, haveibeenpwned.com). Individuals and organizations that may appear in the dataset should review exposed contact details, be cautious with unsolicited messages that reference job or address information, and check whether their data is present in this leak on leaksear.ch.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, and phone.