As if yesterday’s news that three databases with 655,000 patients’ records were up for sale on TheRealDeal by “TheDarkOverlord” wasn’t disturbing enough, today they’ve listed a database with 9.3 million records from an unnamed U.S. health insurer.
The listing sets a retail price of 750 BTC, which is almost $500,000.00, and the seller describes it this way:
This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States. It was retrieved using a 0day within the RDP protocol that gave direct access to this sensitive information.
Format:
Firstname, Lastname, Address1, City, State, Zip, Email, HomePhone, CellPhone, DOB, SSN
The listing includes samples from the database. Of the three sample records provided, attempts to email two of the individuals bounced back, indicating that, at the very least, there might be some old data in the database.
In addition to the samples provided in the listing, TheDarkOverlord also provided DataBreaches.net with 100 additional records. Attempts to validate the information confirmed that there may be a good amount of old personal information in the database. Most phone numbers DataBreaches.net called no longer worked or belonged to other parties. The majority of emails sent to email addresses in the larger sample did not bounce back, but produced no replies to the inquires.
One person, reached by phone, confirmed the accuracy of her date of birth and Social Security number, but reported that the address was one where she had lived years ago. When asked what insurance she had at the time, she indicated that she was on Medicare and Medicaid. “Susan” (not real her real name) was very upset to learn that her information had been stolen, telling this reporter that she didn’t even use a computer and had no idea what to do now. Two hours later, she called this reporter back when her sister was with her so that this reporter could explain to the sister what had happened and what steps Susan might want to take to protect herself.
So the data look real, but some of it may be old. That’s not necessarily surprising, as many companies seem to be allergic to purging old data.
Curiously, TheDarkLord did not include any sample records that would indicate what other kinds of information are in the members’ records. It could be a database with just 9.3M records of the format provided in TheRealDeal listing, but it’s not clear yet whether there are other types of insurance records in the database that would list diagnoses, treatment codes, insurance account numbers, prescription information, and other data. DataBreaches.net did request additional records or information from TheDarkOverlord, but he would not provide additional details at this time unless he was paid for them, and that is not an option for this blogger. Hopefully, he’ll decide to reveal more.
But based on the sample records that were provided, DataBreaches.net reached out to one well-known insurer to ask them to confirm or deny that these were their data. They have yet to respond.
This post will be updated as more information becomes available.