A menace actor is promoting a colossal information set on a cybercrime discussion board, allegedly containing the non-public and medical information of 4.8 million customers.
A serious Kenyan cell well being and insurance coverage platform, M-Tiba, is on the middle of a colossal alleged information breach. A menace actor, recognized as “Kazu,” is claiming to have exfiltrated 2.15 terabytes of knowledge, together with extremely delicate affected person diagnoses and private identification data.
The breach was first detailed in a complete thread on X (previously Twitter) by the person @_mailler. In accordance with screenshots posted within the thread, the hackers are promoting the info on the cybercrime discussion board darkforums[.]st, claiming the total dump comprises 17,158,105 recordsdata.
In a screenshot of what seems to be a direct message, the menace actor claims the entire variety of impacted customers is 4.8 million.
The hackers offered a 2GB pattern to substantiate their claims, and the small print are alarming. In accordance with the evaluation by @_mailler, the pattern alone comprises information on over 114,000 M-Tiba customers, together with each account holders and their beneficiaries. This dataset is a trove of personally identifiable data (PII), reportedly together with:
Full namesNational ID numbersTelephone numbersDates of birthGender
The breach seems to increase far past person registration information and deep into scientific operations. The pattern reportedly features a information dump from “practically 700” well being services. JSON snippets posted within the thread present affected person names, electronic mail addresses, cellphone numbers, and “treatmentDiagnoses” fields, all linked to particular suppliers like “Fairness Afia Medical Centre- Agro Home.”
Moreover, the researcher notes the pattern comprises roughly 2,600 PDF scans. These recordsdata allegedly comprise detailed billing and analysis breakdowns for sufferers, exposing their full names, ID or Passport numbers, electronic mail addresses, and even the total names of their medical doctors.
The dimensions of this alleged breach is staggering. M-Tiba is a cornerstone of Kenya’s digital well being ecosystem, and the leak of protected well being data (PHI) mixed with monetary and private identification information (PII) on this scale could be a catastrophic privateness failure. It exposes hundreds of thousands of Kenyans to extreme dangers, together with identification theft, monetary fraud, and the general public disclosure of their non-public medical histories.
Associated
