OSINT Academy

Specific cases of data breach in 2022 (2)

data breach

1. 11 million people's personal and medical data accessed in Optus data breach

Australian telecommunications company Optus suffered a devastating data breach on September 22, 2022, resulting in 11 million customers' details being accessed. The information accessed included customers' names, dates of birth, phone numbers, email and home addresses, driver's license and/or passport numbers, and Medicare ID numbers.

Files containing this confidential information were posted on hacker forums after Optus refused to pay the ransom demanded by the hackers. Victims of the data breach also said they were contacted by the alleged hackers and asked to pay A$2,000 (US$1,300) or their data would be sold to other malicious parties.

2. Hackers tried to sell data of 500 million WhatsApp users on the dark web

On November 16, 2022, a hacker posted a dataset to BreachForums containing what they claimed was the most recent personal information of 487 million WhatsApp users from 84 countries/regions.

In the post, the alleged hacker stated that those who purchased the dataset would receive the "latest cell phone numbers" of WhatsApp users. According to the bad guys, among the 487 million records are details of 32 million U.S. users, 11 million U.K. users and 6 million German users.

The hackers did not explain how such a large amount of user data was collected, saying only that they "used their tactics" to obtain it.

3. 9.7 million people's information stolen in Medibank data breach

On October 13, 2022, Australian healthcare and insurance provider Medibank detected some "unusual activity" in its internal systems. The company was subsequently contacted by malicious parties on October 17, with the aim of "negotiating with [the healthcare] company over their alleged deletion of customer data. However, Medibank publicly refused to give in to the hackers' demands.

Medibank disclosed the true extent of the hack on November 7, announcing that malicious actors had accessed and stolen the data of 9.7 million past and present customers without authorization. The information included confidential and personally identifiable information about medical procedures, including codes related to diagnoses and procedures.

After Medibank continued to refuse to pay the ransom, the hackers released files containing customer data called "good-list" and "naughty-list" on November 9, 2022.

The so-called "naughty list" reportedly included details of people who sought treatment for mental health problems such as HIV, drug or alcohol addiction, or eating disorders.

On November 10, they posted a file labeled "abortion" on a website supported by the Russian ransomware group REvil, which apparently contained information on procedures claimed by the insured, including miscarriages, terminations of pregnancy and ectopic pregnancies.



Related Articles:

The 12 Most Frequently Exploited Vulnerabilities in 2022 (3)
How to use threat intelligence to monitor criminal activity on the dark web? (2)
Information of many car companies was publicly sold on the dark web
What is OPSEC originating from the U.S. military?
The 12 Most Frequently Exploited Vulnerabilities in 2022 (4)
Overall data breach posture in 2022