The account details of a number of users of E-Pay Malaysia were listed on a popular database marketplace forum in February 2021.
The published data included user name, e-mail address, date of birth, contact address, and mobile phone number of about 380,000 accounts.
The seller was reportedly selling the database for just USD 300, however, it was soon removed from the forum.
Source: https://www.lowyat.net/2021/231821/e-pay-malaysia-customer-data-leak-380k/
TPRM report: https://scoringcyber.rankiteo.com/company/epay-a-euronet-worldwide-company
"id": "epa3493622",
"linkid": "epay-a-euronet-worldwide-company",
"type": "Breach",
"date": "02/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 380000,
'industry': 'Financial Services',
'location': 'Malaysia',
'name': 'E-Pay Malaysia',
'type': 'Payment Platform'}],
'attack_vector': 'Database Marketplace Forum',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 380000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information']},
'date_detected': 'February 2021',
'description': 'The account details of a number of users of E-Pay Malaysia '
'were listed on a popular database marketplace forum in '
'February 2021. The published data included user name, e-mail '
'address, date of birth, contact address, and mobile phone '
'number of about 380,000 accounts. The seller was reportedly '
'selling the database for just USD 300, however, it was soon '
'removed from the forum.',
'impact': {'data_compromised': ['user name',
'e-mail address',
'date of birth',
'contact address',
'mobile phone number'],
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': True},
'motivation': 'Financial Gain',
'threat_actor': 'Unknown Seller',
'title': 'E-Pay Malaysia Data Breach',
'type': 'Data Breach'}