DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bits ‘n Pieces (Trozos y Piezas)

Posted on April 10, 2023 by chum1ng0

CL: Attack on multinational SONDA claimed by Medusa

The Chilean IT multinational SONDA, which has a presence in 11 countries, has been placed on the leaks page of the threat actor Medusa Locker. Medusa’s leak site displays some file captures from different countries where this company operates. The proof includes an affidavit from SONDA Peru, invoices from the parent company, some documents from SONDA Argentina, and identity cards. As Medusa has done with other victims, they produced a video showing what they accessed and acquired.

A countdown clock on the listing shows that SONDA has until April 15 to respond. Medusa lists three prices: $10,000.00 to add another 24 hours to the clock, or $2,000,000.00 to either delete all the data or download all the data.

In a press statement on March 31, SONDA stated that it detected the malware in its systems on March 29. SONDA also stated that client services are segmented from the internal networks and they onboarded Mandiant to help. SONDA’s notice was shared on Twitter by @1ZRR4H.

Databreaches.net sent email inquiries on April 4 and 5, asking SONDA if Medusa encrypted their files and if they received a ransom note.  They were also asked if the attack affected their operations and if they were negotiating with Medusa at all. No reply was received.

DataBreaches also sent inquiries to Medusa seeking additional details, but they declined to answer the questions, saying only, “Will send the URL of the company in question, now we have too many cases open.”  Medusa did provide what appeared to be a sample on their leak site, but neither the sample nor the list of files could be downloaded when DataBreaches attempted to access them.

CL: Mutual de Seguros de Chile hit by BlackCat

Mutual de Seguros de Chile is a private, non-profit corporation in the life insurance industry. It also provides other types of benefits to its 500,000 policyholders. On April 3, BlackCat added the insurer to their leaks site with some sample files as proof.

One folder contained files from 2021 with claims and queries in .csv format. The image below is from the “Nomina” folder and was redacted by DataBreaches. The unredacted file exposes the policyholders’ rut, full name, address, mobile phone,  and email address. Databreaches.net was able to verify that the data is real because researching the rut identifiers matched the names and also matched what we found on social networks.


Image and redaction: DataBreaches.net

DataBreaches emailed Mutual on April 3 and April 4 to ask when the attack occurred, if they know what data was stolen, and if they have negotiated with BlackCat at all. No replies were received. When BlackCat was asked whether this attack occurred before or after the FONASA attack, their spokesperson answered, “Probably after,” but they provided no answers to our other questions.

ES:  AlcaSec admits to being responsible for the Judicial Neutral Point (PNJ) breach

DataBreaches.net has previously reported that half a million Spanish taxpayers and 50,000 police had their information stolen by attackers. Now ABC reports that  José Luis Huertas, aka AlcaSec, is going to provisional prison for stealing and selling the data.

AlcaSec, who pled guilty in court, illegally obtained the passwords of two Justice officials that gave him access to Judicial Neutral Point (PNJ), a system managed by the General Council of the Judiciary that connects the courts with other state institutions. ABC reported that from there, he gained access to the Tax Agency information bases in October. Stolen bank details of 575,186 taxpayers were then transferred to two servers hosted in Lithuania.

BR: The Palmeiras Club of Brazil target of a cyberattack last week

The Palmeiras Club of Brazil was the target of a cyberattack last week.  Danilo Lavieri of UOL reports that the investigation is ongoing, but that the attack was on the administrative directory. Data related to the Avanti Official supporter program of Sociedade Esportiva Palmeiras and data from the facial biometrics system are stored on external servers.

The club says it will not comment on the case until it gets the results of its investigation and determines what action might be needed. They claim that there are currently no signs that data was exfiltrated.


Editing by Dissent

Category: Breach IncidentsBusiness SectorMalwareNon-U.S.

Post navigation

← Big Pharma-partnered Evotec on high alert after cyber attack takes systems offline
Stroud Area Regional Police Department Notification of Data Security Incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.