DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bits ‘n Pieces (Trozos y Piezas)

Posted on April 10, 2023 by chum1ng0

CL: Attack on multinational SONDA claimed by Medusa

The Chilean IT multinational SONDA, which has a presence in 11 countries, has been placed on the leaks page of the threat actor Medusa Locker. Medusa’s leak site displays some file captures from different countries where this company operates. The proof includes an affidavit from SONDA Peru, invoices from the parent company, some documents from SONDA Argentina, and identity cards. As Medusa has done with other victims, they produced a video showing what they accessed and acquired.

A countdown clock on the listing shows that SONDA has until April 15 to respond. Medusa lists three prices: $10,000.00 to add another 24 hours to the clock, or $2,000,000.00 to either delete all the data or download all the data.

In a press statement on March 31, SONDA stated that it detected the malware in its systems on March 29. SONDA also stated that client services are segmented from the internal networks and they onboarded Mandiant to help. SONDA’s notice was shared on Twitter by @1ZRR4H.

Databreaches.net sent email inquiries on April 4 and 5, asking SONDA if Medusa encrypted their files and if they received a ransom note.  They were also asked if the attack affected their operations and if they were negotiating with Medusa at all. No reply was received.

DataBreaches also sent inquiries to Medusa seeking additional details, but they declined to answer the questions, saying only, “Will send the URL of the company in question, now we have too many cases open.”  Medusa did provide what appeared to be a sample on their leak site, but neither the sample nor the list of files could be downloaded when DataBreaches attempted to access them.

CL: Mutual de Seguros de Chile hit by BlackCat

Mutual de Seguros de Chile is a private, non-profit corporation in the life insurance industry. It also provides other types of benefits to its 500,000 policyholders. On April 3, BlackCat added the insurer to their leaks site with some sample files as proof.

One folder contained files from 2021 with claims and queries in .csv format. The image below is from the “Nomina” folder and was redacted by DataBreaches. The unredacted file exposes the policyholders’ rut, full name, address, mobile phone,  and email address. Databreaches.net was able to verify that the data is real because researching the rut identifiers matched the names and also matched what we found on social networks.


Image and redaction: DataBreaches.net

DataBreaches emailed Mutual on April 3 and April 4 to ask when the attack occurred, if they know what data was stolen, and if they have negotiated with BlackCat at all. No replies were received. When BlackCat was asked whether this attack occurred before or after the FONASA attack, their spokesperson answered, “Probably after,” but they provided no answers to our other questions.

ES:  AlcaSec admits to being responsible for the Judicial Neutral Point (PNJ) breach

DataBreaches.net has previously reported that half a million Spanish taxpayers and 50,000 police had their information stolen by attackers. Now ABC reports that  José Luis Huertas, aka AlcaSec, is going to provisional prison for stealing and selling the data.

AlcaSec, who pled guilty in court, illegally obtained the passwords of two Justice officials that gave him access to Judicial Neutral Point (PNJ), a system managed by the General Council of the Judiciary that connects the courts with other state institutions. ABC reported that from there, he gained access to the Tax Agency information bases in October. Stolen bank details of 575,186 taxpayers were then transferred to two servers hosted in Lithuania.

BR: The Palmeiras Club of Brazil target of a cyberattack last week

The Palmeiras Club of Brazil was the target of a cyberattack last week.  Danilo Lavieri of UOL reports that the investigation is ongoing, but that the attack was on the administrative directory. Data related to the Avanti Official supporter program of Sociedade Esportiva Palmeiras and data from the facial biometrics system are stored on external servers.

The club says it will not comment on the case until it gets the results of its investigation and determines what action might be needed. They claim that there are currently no signs that data was exfiltrated.


Editing by Dissent

Category: Breach IncidentsBusiness SectorMalwareNon-U.S.

Post navigation

← Big Pharma-partnered Evotec on high alert after cyber attack takes systems offline
Stroud Area Regional Police Department Notification of Data Security Incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.