Three large providers of online personal data confirmed to CNBC that they were victims of security breaches on Thursday. Cybersecurity expert Brian Krebs revealed the results of his seven-month investigation earlier in September, on his blog, KrebsonSecurity. He found that potential identity thieves purchased more than a million Social Security Numbers from a site he believes is responsible for the hacks.
Hackers targeted LexisNexis, Kroll Background America and Dun & Bradstreet.
LexisNexis, a provider of identity verifications and background checks, issued a statement confirming that it "identified an intrusion targeting our data." Altegrity's Kroll Background America, which provides employment background checks, said in its statement that its "web-hosting servers were infected with a malicious software program," or so-called malware. Similarly, D&B spokeswoman Michele Caselnova wrote in an email, "I can confirm that D&B was one of several victims of a cyberattack." D&B provides commercial and business information.
While the three data brokers confirmed the breaches, none would confirm that personal information was taken. LexisNexis, for its part, said in its statement that there was "no evidence that customer or consumer data were reached or retrieved." Kroll said in its statement that it is investigating the impact of the malware, and D&B would not comment on whether personal data was accessed.
Hack attacks like those that affected the three data brokers cost the United States at least $70 billion a year, according to a study by McAfee and the Center for Strategic and International Studies. Companies spent almost $1 billion in 2012 on insurance to cover their risks, according to the study.
The FBI confirmed that it is investigating the breaches. All three companies said they are working with authorities.
(Read more: US charges six in biggest credit card hack on record)