Maxicare Philippines may have suffered a data breach that may have exposed the data of thousands of customers. The breach affects members who are part of over a thousand major companies.
Maxicare initially informed affected members of the data breach, which occurred June 13, in an email dated June 16. They also informed the National Privacy Commission (NPC) of the breach at 12:49 pm on the same day.
"On 13 June 2024, Maxicare Healthcare Corporation ("Maxicare") was informed that an unauthorized person/s may have gained access to the personal information of our members submitted to Lab@Home," read the email.
According to Deep Web Konek Team, the Philippine-based cybersecurity and deep web group that identified the breach, a threat actor known as "OPCODE-90" is the culprit behind the breach. OPCODE-90 is reportedly selling the compromised data, which consists of 22,800 lines of sensitive information in a file sized at 33.3 MB, to the first three buyers.
Meanwhile, the Department of Information and Communications Technology - National Computer Emergency Response Team (DICT-NCERT) stated that the leak occurred when the OPCODE-90 discovered the login credentials of someone with access to the data on the internet.
Sensitive personal details included in the Maxicare data breach include detailed personal and booking information including such as personal details; including first name, middle name, last name, unit or vendor, company, email, and Go Rewards code. This is on top of Maxicare membership-specific details such as their company name, 16-digit Maxicare card number, corporate code, account type, date of birth, sex, mobile numbers, email address, remarks, and VIP status. Booking details, such as detailed address data, preferred dates and times as well as pre-requested procedures were also exposed. (Read: Why should you switch to digital wallets like GCash and PayMaya, and why you shouldn't)
According to the report, over 1,000 major companies have been affected by the breach. Some of these companies include ABS-CBN Corporation, Accenture Inc., Concentrix Philippines, Cebu Air, IPay 88, BPI AIA Life Assurance Corp., Sitel Philippines, Unilver Philippines, Villar Group of Companies, Wells Fargo International Solutions, ZTE Philippines, and more.
A full list of companies affected by the Maxicare Philippines data breach has yet to be released as of reporting time.
DICT-NCERT stated that it is already coordinating with the NPC to offer assistance to Maxicare. In the meantime, it is advising organizations to implement security mechanisms that don't rely solely on passwords, including biometric authentication and multi-factor authentication, to prevent similar breaches from happening in the future.
If you like reading our content, why not show your appreciation by treating us to a cup of coffee? (or two, if you're feeling generous)
No comments:
Post a Comment