An information breach has occurred, exposing the personally identifiable data (PII) of 820,000 people from the Dominican Republic with their COVID-19 vaccination statuses. This information has been leaked on Breach Boards, a infamous cybercrime and hacker discussion board.
This leak is essential for the delicate nature of knowledge uncovered, together with data from biotech giants Pfizer and SINOVAC BIOTECH LTD, making a goldmine for cybercriminals and nation-state actors.
Supply of the Leak
In response to Resecurity’s Cyber Menace Intelligence staff, the information has been uploaded on the Breach Boards by ‘CiberInteligenciaSV,’ a technique according to many high-profile Latin American (LATAM) information breaches.
The potential actor behind the breach was tracked after a Breach Boards member “CTF” famous overlaps with caribetours.com.do leaked database. Caribe Excursions, a Dominican tourism firm, was hacked by Kelvin Safety in April 2022. The group, concerned in over 300 cyberattacks since 2020, has focused strategic industries in over 90 nations. Spanish authorities arrested its alleged chief in December 2023.
Whereas CyberInteligenciaSV’s supply for Dominican information is unclear, CTF has raised considerations concerning the accuracy of a number of the leaked information, as customers cross-referenced ID card numbers with official Dominican authorities portals and noticed completely different names related to them.
Why is that this Leak a Large Deal?
The info dump incorporates key PII fields similar to ID card quantity, title, gender, municipality, delivery date, and vaccination information. The leak exposes the overall doses, clinic location, vaccination date, and vaccine sort administered to the affected person.
Stolen private data can be utilized for id theft, focused scams, and social engineering. Scammers can create pretend IDs, open fraudulent financial institution accounts, or make unauthorized purchases. They will additionally launch convincing phishing assaults, claiming rewards for vaccination or manipulating public opinion, concentrating on unvaccinated people with misinformation
“Alternately, threat actors could also look to sell this data to third parties seeking health-related personal information, including advertisers and employers,” Resecurity researchers defined.
The LATAM area is urged to enhance digital hygiene and take precautions in opposition to cyber dangers. The Dominican authorities should examine this information breach, notify affected people, and strengthen information safety to forestall future assaults. This contains figuring out the supply, offering clear steerage on self-protection, and investing in strong encryption, entry controls, and safety consciousness coaching for presidency staff.
RELATED TOPICS
- India’s COVID-19 surveillance instrument uncovered hundreds of thousands of consumer information
- Covid antigen check outcomes of 1.7m Indian, overseas nationals leaked
- COVID-19 testing service in US exposes sufferers’ images, passports
- Indonesian Govt’s COVID-19 check, hint app leak impacts 1.3m customers
- Chinese language COVID-19 detection agency hacked; supply code bought on darkish internet
