When I saw the ransomware attack on the British Dental Association noted on a Russian-language forum, I didn’t think too much about it. After all, it was just another professional organization or guild organization, right?
Maybe I should have paid more attention because the organization may have stored more personal and sensitive information than I had figured. James Coker reports:
The British Dental Association (BDA) has suffered a data breach causing fears that the bank account numbers of a number of UK dentists have been stolen.
[…]
The BBC stated that while the organization does not store its members’ card details, it does hold their account numbers and sort codes in order to collect direct-debit payments.
In the email to members, the BDA reportedly referred to “logs of correspondence and notes of cases” as being among the data it has assumed stolen; this suggests that hackers may also have access to sensitive patient information.
Read more on InfoSecurity.
It’s surprising that Twitter hasn’t suspended the hacker’s Twitter account, which he is using to increase pressure on his victim by tweeting images of the files he dumped on the dark web forum. I thought Twitter was no longer allowing people to post hacked data? Why are the hacker’s tweets still up? Ironically, the hacker is banned from the forum where he first posted proof of hack and some of the data. Those data have been reposted elsewhere, however.