Shirbit – One of the leading vehicle insurance companies for Govt. employees in Israel got hacked

Date: 8th Dec 2020

Attack/Breach Status: Successful 

Severity Impact/Potential: High

Headlines: Shirbit – One of the leading vehicle insurance companies for Govt. employees in Israel got hacked

A Hacking group known as Black Shadow has demanded  a huge ransom of $3.8 million from one of the well known Insurance company called Shirbit. Hackers have successfully encrypted and stolen sensitive information and documents of clients of Shirbit.

Hacker group gave a deadline of Saturday 9 AM to pay the ransom amount of 200 Bitcoins; however, as the company denied to pay ransom, Hackers leaked the data of customers. Data included scanned copy of identity cards, marriage certificates, financial & medical records.

Hackers also leaked the screenshot of WhatsApp conversation(claimed as negotiation) between attackers & a representative of Shirbit. 

Finance Ministry released a statement, “We take the incident seriously and are following developments on the issue and the findings of the supervisory authorities.”

Post attack, Israeli government is reconsidering the contract renewal with the insurance company.

=================================================================================

Recommendations:

Securing the account is always a joint responsibility of service provider as well as the customer. Following are the best practices for everyone to ensure safeguarding account from such attack:

  • Always use a strong password which is easy to remember but difficult to guess.
  • Use a memorable pass phrase as your password.
  • Change your password periodically or in case of any breach news or alert
  • Subscribe to free or paid services which alerts you about the breach or compromise of your account 
  • Use 2FA (Two Factor Authentication) for all your account
  • Don’t share your password with anyone
  • Don’t use same password for all accounts 
  • Search google for “Most commonly used passwords” and ensure you are not using them
  • Check  https://haveibeenpwned.com/ to validate if any of your account password compromised already

Check Also

More than 3,00,000 Spotify accounts hacked

Date: 24th Nov 2020 Attack/Breach Status: Successful  Severity Impact/Potential: High Headlines: More than 3,00,000 Spotify …

Leave a Reply

Your email address will not be published.