SC Basque

History

2023: Data breach of hundreds of thousands of customers

On December 18, 2023, it became known that the information infrastructure of the insurance company BASK was subjected to a cyber attack, as a result of which the personal data of hundreds of thousands of customers were leaked. The attackers put up the stolen information for sale on one of the shadow forums on the Internet.

It is known that the stolen databases in total contain over 100 thousand phone numbers of BASK clients and almost 300 thousand email addresses. It is noted that the data is relevant: some files are dated December 2, 2023. Information can be used by cybercriminals in organizing various fraudulent schemes, for example, personalized phishing attacks aimed at stealing money.

The information infrastructure of the insurance company BASK was subjected to a cyber attack

According to the Telegram channel "Information Leaks," the attackers had at their disposal the following information about the clients of the insurance company: full name, hashed password, phone number (134 thousand unique numbers), email address (294 thousand unique addresses), physical address, date of birth, gender, passport series/number, driver's license number, insurance policy number, license plate number and vehicle VIN.

As of December 18, 2023, the BASK company itself does not comment on the situation in any way, so it is not clear whether the attack was associated with the introduction of a ransomware program. However, on December 11, 2023, the insurer's website received a notification of technical work related to the E-OSAGO (epolis.icbask.com) platform. It was assumed that these works would last a day, but subsequently BASK reported that maintenance would be delayed for another day. The company apologized for the inconvenience caused, without going into any details.^[1]

Notes