Meow Leaks has added Vanderbilt University Medical Center (VUMC) in Tennessee to their leak site, and has dumped what they claim is 100% of the data they exfiltrated.
“The hack was 02/11/23
The company will be hacked again!” they announced on November 18.
The leak was posted in two parts, each described as “SQL,” but by the time DataBreaches attempted to download the data, it had been deleted from the file-sharing site for violations of terms of service.
Via communications on Jabber, Meow Leaks informed DataBreaches that they would be re-uploading the data to where it couldn’t be deleted, but that has not happened as of publication.
DataBreaches reached out to VUMC to ask about the claimed attack. VUMC Chief Communications Officer John Howser sent the following statement confirming a breach:
Vanderbilt University Medical Center (VUMC) identified and contained a cybersecurity incident in which a database was compromised and has launched an investigation into the incident. Preliminary results from the investigation indicate that the compromised database did not contain personal or protected information about patients or employees. Thank you.
Although they did not answer a question as to whether any files had been encrypted, the spokesperson for Meow Leaks told DataBreaches that they had not locked anything. “We are not blocking anyone, we are against ransomware,” they told DataBreaches.
When informed of VUMC’s statement about personal or protected information about patients or employees not being involved (based on preliminary results), they responded:
You will find out soon, they have a lot of vulnerabilities and you have to understand that we tried to contact them and fix all the vulnerabilities in their network through the bug bounty program, but they were not interested. So we will post the old information and later the other information.
DataBreaches will continue to monitor this incident and will provide an update when more information becomes available.
Update 1: Because others have raised questions or suggested that Meow Leaks is the same group as the Meow Ransomware group or others who use “Meow” on Telegram, DataBreaches asked them to clarify those points. “There’s no such thing as a Telegram channel. We are in no way connected with the meow ransom programs,” they responded. The group has reuploaded the data, and DataBreaches will update this post after examining it.
Update 2: DataBreaches has reviewed the compressed archives uploaded by Meow Leaks. Those data did not include any personnel’s personal information or any patient data, as the statement from VUMC had suggested. If Meow Leaks dumps more data at some later date, this post may be updated.
Update 3: More about Meow Leaks: As reported above, Meow Leaks claims they are not associated with the Meow Ransomware gang or any “Meow” channel on Telegram. Since then, other unsupported claims have also appeared, such as a claim that Meow Leaks is “ex-Conti.”
From what DataBreaches has gathered so far, Meow Leaks’ model is the “We’ve found vulnerabilities and we’ll help you fix them for a fee” approach. They say they charge a lot less than IT firms and consider the fee like a bug bounty. Having noticed that some of their listings were for entities they claim to have hit more than two months ago, DataBreaches asked whether that was their usual timeframe. They answered:
I usually try to let the company know as soon as possible about multiple vulnerabilities and don’t rush anyone. The data is just as evidence that they are vulnerable. I am not interested in the data, but I am annoyed that the company is trying to hide the hack from the public and blatantly lie to me that they are doing fine) I offer security services to them and the price of security is very different from what IT companies can offer them now. Let’s just say they are investing in their bright future and I am helping them make it happen. Let them be held legally accountable if they’re liars.