Monday, December 23, 2024
Homecyber securityOver 600 GB of Fullerton India’s Data Published on the Dark Web

Over 600 GB of Fullerton India’s Data Published on the Dark Web

Published on

SIEM as a Service

A significant Indian lending organization ‘Fullerton India’ was breached at the beginning of April 2023. The LockBit ransomware Darknet blog, where hackers listed the business and have since released all the hacked information, confirms it.

According to reports, on May 3, 2023, the LockBit 3.0 ransomware group exposed more than 600 GB of crucial data belonging to Fullerton, India, and its clients on the dark web.

The hackers gave Fullerton India over a week to negotiate a ransom demand of Rs. 24 crores from them. The business declined to engage in negotiations with the hackers.

- Advertisement - SIEM as a Service

Information Disclosed on Dark Web

The released data include loan agreements with individuals and legal entities, the status of customer and organizational accounts, agreements with banks and other financial institutions, and data on international transfers.

Also, financial documents, including sales information and mail correspondence on important transactions with attachments. The personal data of the company’s customers, such as Aadhaar card numbers, their residential and property addresses, phone numbers, cheque numbers, and other sensitive information.

Screenshot of Compromised Customer Data (Account Statement)

Along with the clients’ personally identifiable information (PII), other sensitive data has also been disclosed, including customer IDs, bank account numbers and the dates on which they were opened, Real Time Gross Settlement (RTGS) information, National Electronic Funds Transfer (NEFT) information, branch codes, and financial transactions, including withdrawals and deposits.

The company said that “Fullerton India has learnt that some unknown entities have claimed to publish company data on illicit websites. Fullerton India cannot confirm these assertions as it is investigating the issue. The company has engaged with global experts to examine the content of the data, allegedly pertaining to it and to significantly enhance its security environment”.

After the data breach was discovered on April 24, the NBFC major temporarily suspended operations.

Press release regarding “malware incident” issued by Fullerton India

LockBit 3.0 demanded a ransom of $29,999,99, or Rs. 24 crores, to erase the compromised data. The hackers also stated that the company could postpone the deadline for $1,000 every day.

However, LockBit is renowned for using different techniques to push on its victims. They initiate a DDoS attack on the victim’s network and maintain it there until the ransom is paid, in addition to threatening to disclose material on it. It’s unclear if hackers also employed that tactic.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...