DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Lording it over the healthcare sector: health insurer database with 9.3M entries up for sale

Posted on June 27, 2016 by Dissent

insuranceAs if yesterday’s news that three databases with 655,000 patients’ records were up for sale on TheRealDeal by “TheDarkOverlord” wasn’t disturbing enough, today they’ve listed a database with 9.3 million records from an unnamed U.S. health insurer.

The listing sets a retail price of 750 BTC, which is almost $500,000.00, and the seller describes it this way:

This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States. It was retrieved using a 0day within the RDP protocol that gave direct access to this sensitive information.

Format:
Firstname, Lastname, Address1, City, State, Zip, Email, HomePhone, CellPhone, DOB, SSN

The listing includes samples from the database. Of the three sample records provided, attempts to email two of the individuals bounced back, indicating that, at the very least, there might be some old data in the database.

In addition to the samples provided in the listing, TheDarkOverlord also provided DataBreaches.net with 100 additional records. Attempts to validate the information confirmed that there may be a good amount of old personal information in the database. Most phone numbers DataBreaches.net called no longer worked or belonged to other parties. The majority of emails sent to email addresses in the larger sample did not bounce back, but produced no replies to the inquires.

One person, reached by phone, confirmed the accuracy of her date of birth and Social Security number, but reported that the address was one where she had lived years ago. When asked what insurance she had at the time, she indicated that she was on Medicare and Medicaid.  “Susan” (not real her real name) was very upset to learn that her information had been stolen, telling this reporter that she didn’t even use a computer and had no idea what to do now. Two hours later, she called this reporter back when her sister was with her so that this reporter could explain to the sister what had happened and what steps Susan might want to take to protect herself.

So the data look real, but some of it may be old. That’s not necessarily surprising, as many companies seem to be allergic to purging old data.

Curiously, TheDarkLord did not include any sample records that would indicate what other kinds of information are in the members’ records. It could be a database with just 9.3M records of the format provided in TheRealDeal listing, but it’s not clear yet whether there are other types of insurance records in the database that would list diagnoses, treatment codes, insurance account numbers, prescription information, and other data. DataBreaches.net did request additional records or information from TheDarkOverlord, but he would not provide additional details at this time unless he was paid for them, and that is not an option for this blogger. Hopefully, he’ll decide to reveal more.

But based on the sample records that were provided, DataBreaches.net reached out to one well-known insurer to ask them to confirm or deny that these were their data. They have yet to respond.

This post will be updated as more information becomes available.


Creative Commons Image Courtesy of: CheapFullCoverageAutoInsurance.com

No related posts.

Category: ExposureHackHealth DataOf NoteU.S.

Post navigation

← More details emerge on hacked patient databases up for sale
Hard Rock Las Vegas Reports Card Data Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.