Threat Actor: IntelBroker | IntelBroker
Victim: Parent Teacher Association (PTA) | Parent Teacher Association
Price: Unknown
Exfiltrated Data Type: Personal and institutional data
Additional Information :
- The breach occurred in March 2024
- The breach was attributed to an individual identified as GodLike
- The breach resulted in unauthorized access and exfiltration of sensitive information
- The breach affected several databases maintained by the PTA
- The leaked datasets include COIAdditionalInsured.csv, Colleges.csv, MasterClient.csv, Medical.csv, Payment.csv, and PTO.csv
- Approximately 70,000 rows of data were exposed in COIAdditionalInsured.csv
- Approximately 22,000 rows of data were exposed in Colleges.csv
- Approximately 2,200 rows of data were exposed in MasterClient.csv
- Approximately 6,400 rows of data were exposed in Medical.csv
- Approximately 11,800 rows of data were exposed in Payment.csv
- Approximately 17,000 rows of data were exposed in PTO.csv
- The compromised data includes personal and institutional information
- Concerns regarding data privacy, security, and potential identity theft are raised
- Affected individuals and organizations may face challenges in mitigating the fallout from the breach
In a concerning turn of events, IntelBroker, a threat actor, has purportedly leaked the Parent Teacher Association (PTA) database. According to reports, the breach, attributed to an individual identified as GodLike, occurred in March 2024, resulting in the unauthorized access and exfiltration of sensitive information belonging to users affiliated with the PTA.
The breach allegedly encompassed several databases maintained by the PTA, each containing a wealth of personal and institutional data. Among the datasets reported to have been exposed are:
1. COIAdditionalInsured.csv
Rows: Approximately 70,000
Headers:
“COIAddtInsdID”, “MCID”, “PID”, “COIAIIssueDate”, “COIAICertHolderAsAI”, “COIAIRevised”, “COIAIRevisedDate”, “COIAIName1”, “COIAIName2”, “COIAIAddress1”, “COIAIAddress2”, “COIAICity”, “COIAIState”, “COIAIZipCode”, “COIAIEmail”, “COIAIAttention”, “COIAIOrder”, “COIAISpecWord”, “COIAIInterestToInsured”, “COIAICreatedDate”, “COIAICreatedBy”, “COIAILastModifiedDate”, “COIAILastModifiedBy”, “COICopyToRenewalPolicy”, “EndNumAI”, “CENumAI”, “AIName1”, “AIAddress1”, “AICity”, “AIAddress2”, “AIAttention”, “AIState”, “AIZipCode”, “AIActivityLocation”, “CID”, “ChgEndNumAI”, “ExpToCEDate”, “Upload_Key”, “COIAINote”, “FirstSave”, “COICancelled”, “COIFontSizeID”, “COIEditOutside”, “COIWaiverOfSub”, “COIBlanketAI”, “COIAIFileName”, “COICreateCENum”, “COIPNC”, “COIAIEnd”, “COIPolicyFormWording”, “COIPolicyFormWordingID”, “COIAIChildCancelled”, “WordingDefaultSet”, “COIIgnoreLimits”
2. Colleges.csv
Rows: Approximately 22,000
Headers:
“Institution_ID”, “Institution_Name”, “Institution_Address”, “Institution_City”, “Institution_State”, “Institution_Zip”, “Institution_Phone”, “Institution_OPEID”, “Institution_IPEDS_UnitID”, “Institution_Web_Address”, “Campus_ID”, “Campus_Name”, “Campus_Address”, “Campus_City”, “Campus_State”, “Campus_Zip”, “Campus_IPEDS_UnitID”, “Accreditation_Type”, “Agency_Name”, “Agency_Status”, “Program_Name”, “Accreditation_Status”, “Accreditation_Date_Type”, “Periods”, “Last Action”, “Action Date”, “Justification”, “Other_Justification”, “Justification_Url”
3. MasterClient.csv
Rows: Approximately 2,200
Headers:
“MCID”, “InsuredName”, “DirectorName”, “UniversityID”, “InsAdd1”, “InsAdd2”, “InsCity”, “InsStateID”, “InsZipCode”, “HomePhone”, “CellPhone”, “WorkPhone”, “Fax”, “Email”, “AgentID”, “BrokerPercent”, “Memo”, “CreatedBy”, “CreatedDate”, “LastModifiedBy”, “LastModifiedDate”
4. Medical.csv
Rows: Approximately 6,400
Headers:
“MedicalID”, “PID”, “MCID”, “PolicyLOBID”, “PolicyNum”, “MedRenewal”, “MedIsPolicyExcess”, “MedPerParticipants”, “MedIsPaymentDeposit”, “MedPremToCarrier”, “PmtNumIDMedPremToCarrier”, “MedCommMedical”, “MedDiscountPercent”, “MedNotes”, “MedCreatedDate”, “MedCreatedBy”, “MedLastModifiedDate”, “MedLastModifiedBy”, “FirstSave”, “MedIssuedDate”, “DateMapping”, “ExcludeFromCert”, “OldMedicalID”, “OldCarrierID”
5. Payment.csv
Rows: Approximately 11,800
Headers:
“PaymentID”, “PID”, “MCID”, “PolicyLOBID”, “PMTCheckDate”, “PMTCheckNum”, “PMTPaidAmount”, “PMTDepositDate”, “PMTQBID”, “PMTPayTypeID”, “PMTCheckRequsted”, “LiabEndNum”, “MedEndNum”, “PMTComment”, “PMTSplitCheckAmt”, “PMTSplitCheckRef”, “PMTLiability”, “PMTMedical”, “PMTAdminFee”, “PMTBrokerNet”, “PMTPremRsrv”, “PMTOverShort”, “PMTCrCardFee”, “PMTSLTaxes”, “PMTSLStampingFee”, “PMTSLBMAFee”, “PMTSLFireTax”, “PMTSLFireTaxEquipment”, “PMTSLFlatFee”, “PMTSLKYSurcharge”, “PMTNewSurplusLineName”, “PMTNewSurplusLineFee”, “PMTNewSurplusLineName2”, “PMTNewSurplusLineFee2”, “PMTBMIComm”, “PMTMiscEndFees”, “PMTPremFinAmount”, “PMTDirectComm”, “PMTGLPaidGross”, “PMTGLInvoiceNum”, “PMTGLPaidDate”, “PMTGLPaidBMICheckNum”, “PMTGLPremium”, “PMTLiabilityCommPercent”, “PMTMedPaidGross”, “PMTMedInvoiceNum”, “PMTMedPaidDate”, “PMTMedPaidBMIChNum”, “PMTMedPremium”, “PMTMedicalCommPercent”, “PMTAgtComAfDue”, “PMTComPaidDate”, “PMTAgentComPaid”, “PMTAgentComChNum”, “PMTSLTaxPaidDate”, “PMTSLFireTaxPaidDate”, “PMTSLStampingFeePaidDate”, “PMTSLFireTaxEquipPaidDate”, “PMTSLFlatFeePaidDate”, “PMTSLBMAFeePaidDate”, “PMTSLKYSurchargePaidDate”, “PMTNewSurplusLinePaidDate”, “PMTNewSurplusLinePaidDate2”, “PMTNum”, “PMTPayor”, “PMTLiabPLOBID”, “PMTQPLiabLOBID”, “PMTMedPLOBID”, “PMTQPMedLOBID”, “FirstSave”, “PMTCreatedDate”, “PMTCreatedBy”, “PMTLastModifiedDate”, “PMTLastModifiedBy”, “PMTInitialPremium”, “Cancelled”, “ImportFromAccess”, “PMTNoMoney”, “PMTNoMoneySent”, “SystemInitPrem”, “OldPaymentID”, “LiabCarrierPaid”, “MedCarrierPaid”, “PaymentTracer”
6. PTO.csv
Rows: Approximately 17,000
Headers:
“PTOID”, “MCID”, “PID”, “PTOEnteredDate”, “PTOSID”, “PTOEndReqd”, “PTOCancelled”, “PTOFirstName”, “PTOLastName”, “PTOEmail”, “PTOGroupName”, “PTOInclAddressWithGroupName”, “PTOSchoolName”, “PTOSchoolAddress1”, “PTOSchoolAddress2”, “PTOSchoolCity”, “PTOSchoolState”, “PTOSchoolZipCode”, “PTOAICHName”, “PTOAICHFileName”, “PTOAICHAdd1”, “PTOAICHAdd2”, “PTOAICHCity”, “PTOAICHState”, “PTOAICHZipCode”, “PTOCoverageType1ID”, “PTOEffectiveDate1”, “PTOExpirationDate1”, “PTOCoverageChangedOn1”, “PTOCoverageType2ID”, “PTOEffectiveDate2”, “PTOExpirationDate2”, “PTOCoverageChangedOn2”, “PTOCoverageType3ID”, “PTOEffectiveDate3”, “PTOExpirationDate3”, “PTOCoverageChangedOn3”, “PTOCoverageType4ID”, “PTOEffectiveDate4”, “PTOExpirationDate4”, “PTOCoverageChangedOn4”, “PTOCoverageType5ID”, “PTOEffectiveDate5”, “PTOExpirationDate5”, “PTOCoverageChangedOn5”, “PTOSpecialWording”, “PTOCreatedDate”, “PTOCreatedBy”, “PTOLastModifiedDate”, “PTOLastModifiedBy”, “PTOImportName”, “PTOCertDescOfOpsFontSizeID”, “PTONotes”, “CertsLiabSpecID”, “EditOutsideProgram”, “PTOPaidOn”, “ImportFromOldPTO”, “PTOCertID”, “ImportAsCancelled”, “IgnoreLimits”, “DescOfOpsHistory”, “FirstSave”
With such vast amounts of sensitive information potentially compromised, concerns regarding data privacy, security, and the potential for identity theft loom large. Affected individuals and organizations may face significant challenges in mitigating the fallout from this breach, including safeguarding personal information, addressing regulatory compliance issues, and rebuilding trust among stakeholders.
Original Source: https://dailydarkweb.net/intelbroker-allegedly-leaks-parent-teacher-association-database/