An incident involving a data breach in the City of New York has come to light, with an unidentified threat actor going by the alias “pwns3c” offering access to a database containing sensitive information for sale on BreachForums. The repercussions of this breach are concerning, raising questions about the security measures in place at government offices.

According to reports, the stolen database includes 199 PDF files totaling approximately 70MB in size. The compromised data consists of a variety of personally identifiable information (PII) such as Licensee Serial Number, Expiration Date, Applicant or Licensee Name, Trade Name, Street Address, City, Zip Code, Phone Number of Applicant, and Business Email of Applicant. Additionally, sensitive details about building owners, attorneys, and individuals, including their EIN, SSN, and signature, are also part of the exposed data. Shockingly, all this confidential information is being sold for a mere $30, with interested parties instructed to contact the threat actor through private messages on BreachForums or their Telegram handle.

The consequences of such a data breach are far-reaching, as it puts the personal information of numerous individuals at significant risk. The leakage of PII and sensitive documents opens up the possibility of identity theft, fraud, and other malicious activities. Despite the severity of these claims, The Cyber Express team has attempted to verify the authenticity of the breach by reaching out to the New York City mayor’s official press contact email, but no response has been received as of now.

This incident involving pwns3c and the City of New York is not the threat actor’s first act of cybercrime. In a previous breach claimed on BreachForums, pwns3c asserted to have compromised at least 6,500 records from the Virginia Department of Elections. This data was also put up for sale at the same price of $30 in Bitcoin (BTC), Litecoin (LTC), or Monero (XMR) on the dark web. The compromised information allegedly included timestamps, usernames, election data, candidate details, and voting method information. However, there has been no official confirmation of this incident from the concerned authorities yet.

The series of breaches claimed by pwns3c shed light on the ongoing challenges faced in securing government websites. The sensitivity of the stolen data, which potentially includes Social Security Numbers (SSNs), contact details, election-related information, and signatures, emphasizes the critical need for government entities to enhance their cybersecurity protocols.

It is essential for government organizations to prioritize the safeguarding of sensitive data and implement robust security measures to prevent such breaches in the future. The exposure of confidential information not only jeopardizes the privacy and security of individuals but also undermines public trust in government institutions. As cybersecurity threats continue to evolve, staying ahead of cybercriminals is crucial to ensure the protection of sensitive data and maintain the integrity of digital systems.

In conclusion, the alleged data breaches involving pwns3c and the City of New York and Virginia Department of Elections underscore the importance of stringent cybersecurity measures and proactive monitoring to safeguard against potential threats and mitigate the risks posed by malicious actors in cyberspace. It is imperative for government agencies to be vigilant and proactive in addressing cybersecurity vulnerabilities to prevent such incidents from recurring in the future.

Source link