Sensitive credentials were exposed by a digital identification tool that OCR Labs offered to large banks and government organizations, seriously endangering the safety of its customers.
Threat actors might compromise banks' backend infrastructure and, as a result, the infrastructure of their customers using disclosed data.
Cybercriminals' primary focus is on financial services, posing a serious threat to businesses and their clients.
The Cybernews investigation team identified the OCR Labs system's misconfiguration that exposed private information.
Source: https://securityaffairs.com/144514/data-breach/ocr-labs-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/idverse
"id": "idv31921023",
"linkid": "idverse",
"type": "Data Leak",
"date": "04/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['Large Banks',
'Government Organizations'],
'industry': 'Technology',
'name': 'OCR Labs',
'type': 'Company'}],
'attack_vector': 'Misconfiguration',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive Credentials',
'Private Information']},
'description': 'Sensitive credentials were exposed by a digital '
'identification tool that OCR Labs offered to large banks and '
'government organizations, seriously endangering the safety of '
"its customers. Threat actors might compromise banks' backend "
'infrastructure and, as a result, the infrastructure of their '
"customers using disclosed data. Cybercriminals' primary focus "
'is on financial services, posing a serious threat to '
'businesses and their clients. The Cybernews investigation '
"team identified the OCR Labs system's misconfiguration that "
'exposed private information.',
'impact': {'data_compromised': ['Sensitive Credentials',
'Private Information'],
'systems_affected': ['Digital Identification Tool',
'Backend Infrastructure of Banks and Their '
'Customers']},
'initial_access_broker': {'entry_point': 'Misconfigured System',
'high_value_targets': ['Large Banks',
'Government Organizations']},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'System Misconfiguration'},
'references': [{'source': 'Cybernews Investigation Team'}],
'title': 'OCR Labs Credential Exposure Incident',
'type': 'Data Breach',
'vulnerability_exploited': 'System Misconfiguration'}