Saturday, October 5, 2024
Homecyber securityOver 600 GB of Fullerton India’s Data Published on the Dark Web

Over 600 GB of Fullerton India’s Data Published on the Dark Web

Published on

A significant Indian lending organization ‘Fullerton India’ was breached at the beginning of April 2023. The LockBit ransomware Darknet blog, where hackers listed the business and have since released all the hacked information, confirms it.

According to reports, on May 3, 2023, the LockBit 3.0 ransomware group exposed more than 600 GB of crucial data belonging to Fullerton, India, and its clients on the dark web.

The hackers gave Fullerton India over a week to negotiate a ransom demand of Rs. 24 crores from them. The business declined to engage in negotiations with the hackers.

- Advertisement - EHA

Information Disclosed on Dark Web

The released data include loan agreements with individuals and legal entities, the status of customer and organizational accounts, agreements with banks and other financial institutions, and data on international transfers.

Also, financial documents, including sales information and mail correspondence on important transactions with attachments. The personal data of the company’s customers, such as Aadhaar card numbers, their residential and property addresses, phone numbers, cheque numbers, and other sensitive information.

Screenshot of Compromised Customer Data (Account Statement)

Along with the clients’ personally identifiable information (PII), other sensitive data has also been disclosed, including customer IDs, bank account numbers and the dates on which they were opened, Real Time Gross Settlement (RTGS) information, National Electronic Funds Transfer (NEFT) information, branch codes, and financial transactions, including withdrawals and deposits.

The company said that “Fullerton India has learnt that some unknown entities have claimed to publish company data on illicit websites. Fullerton India cannot confirm these assertions as it is investigating the issue. The company has engaged with global experts to examine the content of the data, allegedly pertaining to it and to significantly enhance its security environment”.

After the data breach was discovered on April 24, the NBFC major temporarily suspended operations.

Press release regarding “malware incident” issued by Fullerton India

LockBit 3.0 demanded a ransom of $29,999,99, or Rs. 24 crores, to erase the compromised data. The hackers also stated that the company could postpone the deadline for $1,000 every day.

However, LockBit is renowned for using different techniques to push on its victims. They initiate a DDoS attack on the victim’s network and maintain it there until the ransom is paid, in addition to threatening to disclose material on it. It’s unclear if hackers also employed that tactic.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...