DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Meow Leaks claims attack on Vanderbilt University Medical Center (3)

Posted on November 24, 2023 by Dissent

 

Meow Leaks has added Vanderbilt University Medical Center (VUMC) in Tennessee to their leak site, and has dumped what they claim is 100% of the data they exfiltrated.

“The hack was 02/11/23
The company will be hacked again!” they announced on November 18.

 The leak was posted in two parts, each described as “SQL,” but by the time DataBreaches attempted to download the data, it had been deleted from the file-sharing site for violations of terms of service.

Via communications on Jabber, Meow Leaks informed DataBreaches that they would be re-uploading the data to where it couldn’t be deleted, but that has not happened as of publication.

DataBreaches reached out to VUMC to ask about the claimed attack. VUMC Chief Communications Officer John Howser sent the following statement confirming a breach:

Vanderbilt University Medical Center (VUMC) identified and contained a cybersecurity incident in which a database was compromised and has launched an investigation into the incident. Preliminary results from the investigation indicate that the compromised database did not contain personal or protected information about patients or employees. Thank you.

Although they did not answer a question as to whether any files had been encrypted, the spokesperson for Meow Leaks told DataBreaches that they had not locked anything.  “We are not blocking anyone, we are against ransomware,” they told DataBreaches.

When informed of VUMC’s statement about personal or protected information about patients or employees not being involved (based on preliminary results), they responded:

You will find out soon, they have a lot of vulnerabilities and you have to understand that we tried to contact them and fix all the vulnerabilities in their network through the bug bounty program, but they were not interested. So we will post the old information and later the other information.

DataBreaches will continue to monitor this incident and will provide an update when more information becomes available.

Update 1: Because others have raised questions or suggested that Meow Leaks is the same group as the Meow Ransomware group or others who use “Meow” on Telegram, DataBreaches asked them to clarify those points. “There’s no such thing as a Telegram channel. We are in no way connected with the meow ransom programs,” they responded. The group has reuploaded the data, and DataBreaches will update this post after examining it.

Update 2: DataBreaches has reviewed the compressed archives uploaded by Meow Leaks. Those data did not include any personnel’s personal information or any patient data, as the statement from VUMC had suggested. If Meow Leaks dumps more data at some later date,  this post may be updated.

Update 3: More about Meow Leaks: As reported above, Meow Leaks claims they are not associated with the Meow Ransomware gang or any “Meow” channel on Telegram. Since then, other unsupported claims have also appeared, such as a claim that Meow Leaks is “ex-Conti.”

From what DataBreaches has gathered so far, Meow Leak’s model is the”We’ve found vulnerabilities and we’ll help you fix them for a fee” approach. They say they charge a lot less than IT firms and consider the fee like a bug bounty. Having noticed that some of their listings were for entities they claim to have hit more than two months ago, DataBreaches asked whether that was their usual timeframe. They answered:

I usually try to let the company know as soon as possible about multiple vulnerabilities and don’t rush anyone. The data is just as evidence that they are vulnerable. I am not interested in the data, but I am annoyed that the company is trying to hide the hack from the public and blatantly lie to me that they are doing fine) I offer security services to them and the price of security is very different from what IT companies can offer them now. Let’s just say they are investing in their bright future and I am helping them make it happen. Let them be held legally accountable if they’re liars.

Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← From ransomware to attacks on vendors, school districts face multiple threats
Network outage at UT Health East Texas causes the hospital to enter divert status →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.