[BreachExchange] Hackers Steal Data From Israeli Car Financing Company

Destry Winant destry at riskbasedsecurity.com
Fri Mar 19 10:55:03 EDT 2021


https://www.databreachtoday.com/hackers-steal-data-from-israeli-car-financing-company-a-16187

Israeli car financing company K.L.S. Capital Ltd. says that on March
10, hackers stole customer information, ID photos, vehicle licenses,
scans of checks and loan information from its servers.

"Upon discovery of the break-in, the company immediately acted to
close the break-in and the information leak was stopped," the company
says in a statement. "At the same time, the company began
investigating the breach with the help of external cyber experts and
in collaboration with the national cyber system."

In a Telegram post on Saturday morning, the Black Shadow hacking group
claimed that it hacked K.L.S. Capital and stole client data. In
December 2020, the group leaked thousands of documents containing
personal information on the customers of Israel’s Shirbit insurance
company.

Ransom Demand

The hacking group claimed that it had "destroyed" servers belonging to
the car financing company because it failed to pay a ransom. Black
Shadow waited 72 hours for the company to pay a $10,000 ransom in
bitcoin, according to The Jerusalem Post.

Black Shadow initially released blurred photographs of the
identification cards of two people who work with the company in an
attempt to get K.L.S. Capital to pay a ransom, says Lewis Jones, a
threat intelligence analyst at Talion.

"However, as seen by the previous ransomware attacks by the group, the
company should be mindful that paying the ransom does not provide any
guarantee that the data will be deleted and will not be published in
the future," Jones says.

K.L.S. Capital has 26,000 customers and executes thousands of new
vehicle transactions every year, according to its website.

'We Took a Heavy Blow'

“We’re sadly not so OK. We took a heavy blow from Iranian hackers who
apparently are seeking to attack the State of Israel, and they care
less about the money,” K.L.S. Capital's CEO, Omer Maman, told The
Jerusalem Post. “Sadly they caused us a lot of damage, but it’s not
something that we won’t know how to handle on the systems level. And
we’ll set up new systems soon that are more secure and, I hope, more
protected, even though it’s difficult to handle such large budgets of
such Iranian attackers.”

Later on Saturday afternoon, Black Shadow released screenshots,
allegedly of its email conversations with the company, in which it
demanded $10,000 in bitcoin and warned the company that it would
release more data if it wasn’t paid.

The Jerusalem Post reported that on Sunday, Israel’s Privacy
Protection Authority announced that it was investigating the incident
and that it may not approve the reactivation of K.L.S. Capital's
systems until any issues that could lead to further data leaks are
resolved.

"The motivation for the attack appears to be hacktivism," Jones of
Talion says. "And, over the last 12 months, we have seen several
attacks on Israeli businesses by Iranian threat actors. This attack
appears to be the same approach as the attack by Black Shadow in
December 2020, when it targeted an insurance company, also based in
Israel."

