- Cybercriminals leaked stolen data in a Telegram channel
- Almost 3 million records from more than a million people were leaked
- There are ways to mitigate the risk
Experts have warned the data stolen in the recent Allianz Life ransomware attack has been leaked to the open internet, and have urged affected users to be on their guard.
Sensitive information on the “majority” of the insurance company’s 1.4 million customers, including people’s names, addresses, phone numbers, dates of birth, Tax Identification Numbers, and even social security numbers, was published in a Telegram group created by ShinyHunters, Scattered Spider, and Lapsu$ threat actors.
In total, 2.8 million data records for both individual customers and business partners were grabbed as part of a wider attack on Salesforce instances. Besides Allianz Life, the group also took credit for a number of other, high-profile incidents, including the attack on Internet Archive, Pearson, and Coinbase.
Stay protected
Usually, cybercriminals would demand a ransom payment in exchange for deleting the stolen files and not leaking it on the internet.
So, if these files were published, it is safe to assume Allianz Life has decided not to pay (or the negotiations broke down for other reasons). There is always the possibility that the crooks leaked the files even after getting paid because these are, after all, cybercriminals.
There are numerous ways hackers can abuse sensitive files. They can impersonate their victims, potentially opening bank accounts in their name, apply for loans and credit cards, or rack up debt. They can also commit fake tax returns, gain access to medical treatment or prescription drugs, and even get a job illegally, which might cause problems for the victims during background checks.
Criminals might also use social security numbers to apply for various Social Security benefits, unemployment compensation, or welfare.
The attack is particularly concerning as such records could contain more than enough of sensitive information for hackers to launch highly personalized, successful phishing campaigns, leading to identity theft, wire fraud, and even ransomware attacks.
How to stay safe
If you’re concerned you may have been caught up in the incident, don’t worry – there are a number of methods to find out. HaveIBeenPwned? is probably the best resource only to check if your details have been affected, offering a run-down of every big cyber incident of the past few years.
And if you save passwords to a Google account, you can use Google’s Password Checkup tool to see if any have been compromised, or sign up for one of the password manager options we’ve rounded up to make sure your logins are protected.
Via BleepingComputer