DataBreaches.Net

When the data leak is not from the victim you named, Wednesday edition

Posted on June 29, 2022 by chum1ng0

Ever since threat actor groups started naming victims who do not pay their demands and leaking their data, groups have occasionally misidentified their victims. Today’s example is courtesy of Avos Locker, who added the Canadian Mental Health Association to their leak site in April.

Inspection of the data in the leak, however, quickly raised questions as to its source. Files with “Columbus Metro Housing Authority” were our first clue that the data were from cmhanet.com and not cmha.ca.

Directory of some of the files pointed to an Ohio city’s housing authority.

April Disclosure

The Columbus (Ohio) Metro Housing Authority breach was disclosed in April. The housing authority’s breach notice offered mitigation services but made no mention of any actual data leak. Perhaps they did not know at the time of the notice (or perhaps they did but decided it did not need to be mentioned?).

DataBreaches saw a lot of personal information in the leak from people who sought rental assistance and low-cost housing arrangements. Applications for tenant housing assistance contained all their personal details and financial condition as well as their Social Security numbers.

Small portion of an application for housing assistance. Redacted by DataBreaches.net.

The housing authority’s disclosure did alert people that their personal and financial information had been involved. But it did not tell them about any leak.

DataBreaches contacted the housing authority to alert them to the data leak and to ask them if they had been aware of it and had subsequently notified anyone that their personal information had been leaked.

Several days later, we received a response that the support ticket opened in response to our email had been “resolved.” DataBreaches replied, noting that they had done absolutely nothing in response to our inquiry and had not given us answers to any of our questions, so the matter was not resolved, and to please re-open the ticket. We have heard nothing since then.

Getting no real response from CMHA, DataBreaches also contacted the mayor of Ohio to make the mayor’s office aware of the leak.

No response was received from the mayor’s office, either.

So has anyone notified the residents of Columbus, Ohio who applied for help through the CMHA that all their personal information was made freely available on the dark web? We are guessing that they have not been notified.

Perhaps local media in Columbus, Ohio can get a response or dig into this more.

Note that this was the second Ohio city to have a ransomware incident involving its city metropolitan housing authority. The Cuyahoga Metropolitan Housing Authority reported a ransomware attack attributed to the DoppelPaymer ransomware group in February 2021. DataBreaches does not know whether the two Ohio cities share any network or vendors for their metropolitan housing authorities or whether there was any connection between the Cuyahoga attack and the Columbus attack a year later.

If you were affected by this breach and were notified that your data was on the dark web, please contact DataBreaches.net with a copy of the notification you received. Contact chum1ngo[@]protonmail.com.

Dissent contributed to this story and provided editing help.

Category: Breach Incidents, Government Sector, Malware, U.S.