Allium UPI

In February 2024, Allium UPI, the parent company of the Estonian pharmacy chain Apotheka, suffered a major data breach orchestrated by a 25-year-old Moroccan suspect, Adrar Khalid. The attacker exploited administrator credentials to unlawfully access and download sensitive customer data from the company’s loyalty program database. The breach exposed nearly 700,000 personal identification codes, 400,000+ email addresses, 60,000 home addresses, 30,000 phone numbers, and purchase records (non-prescription medications and pharmacy products dating back to 2014). While no misuse of the stolen data has been detected yet, the incident compromised a vast trove of personally identifiable information (PII) and transaction histories, posing significant risks of identity theft, phishing, or fraud. Estonian authorities have launched an international manhunt for Khalid, seeking his arrest and extradition. The breach underscores vulnerabilities in privileged access management and highlights the growing threat of targeted cyber intrusions in healthcare-related sectors.

Source: https://therecord.media/estonia-arrest-warrant-pharmacy-data-breach

TPRM report: https://www.rankiteo.com/company/magnum-as

"id": "mag5981659120125",
"linkid": "magnum-as",
"type": "Breach",
"date": "6/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 700000,
                        'industry': ['pharmacy', 'healthcare', 'retail'],
                        'location': ['Estonia', 'Latvia', 'Lithuania'],
                        'name': 'Allium UPI',
                        'type': ['parent company',
                                 'pharmacy/healthcare provider']},
                       {'customers_affected': 700000,
                        'industry': ['pharmacy', 'retail'],
                        'location': ['Estonia', 'Latvia', 'Lithuania'],
                        'name': 'Apotheka',
                        'type': 'pharmacy chain'},
                       {'industry': ['beauty products', 'pharmacy'],
                        'location': ['Estonia', 'Latvia', 'Lithuania'],
                        'name': 'Apotheka Beauty',
                        'type': 'retail'},
                       {'industry': ['pet products', 'pharmacy'],
                        'location': ['Estonia', 'Latvia', 'Lithuania'],
                        'name': 'PetCity',
                        'type': 'retail'}],
 'attack_vector': ['privilege abuse', 'credential theft/exploitation'],
 'customer_advisories': ['public disclosure of breach',
                         'no evidence of data misuse'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['database records',
                                        'customer loyalty data'],
                 'number_of_records_exposed': 700000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PII + health-related purchase '
                                        'history)',
                 'type_of_data_compromised': ['personal identification codes',
                                              'email addresses',
                                              'home addresses',
                                              'phone numbers',
                                              'purchase history '
                                              '(non-prescription)']},
 'date_detected': '2024-02',
 'date_publicly_disclosed': '2024-02',
 'description': 'Estonian authorities launched an international search for '
                'Adrar Khalid, a 25-year-old Moroccan citizen, suspected of '
                "unlawfully accessing Allium UPI's customer card database in "
                'February 2024. The breach exposed nearly 700,000 personal '
                'identification codes, 400,000+ email addresses, 60,000 home '
                'addresses, 30,000 phone numbers, and purchase records of '
                'over-the-counter medications dating back to 2014. Khalid '
                'allegedly exploited administrator credentials, though the '
                'method of obtaining them remains under investigation. No '
                'misuse of the stolen data has been detected so far.',
 'impact': {'brand_reputation_impact': ['potential trust erosion',
                                        'regulatory scrutiny'],
            'data_compromised': {'email_addresses': 400000,
                                 'home_addresses': 60000,
                                 'personal_identification_codes': 700000,
                                 'phone_numbers': 30000,
                                 'prescription_data': False,
                                 'purchase_records': ['over-the-counter '
                                                      'medications',
                                                      'pharmacy products '
                                                      '(2014–present)']},
            'identity_theft_risk': ['high (PII exposed)',
                                    'no misuse detected yet'],
            'legal_liabilities': ['ongoing investigation',
                                  'potential extradition'],
            'systems_affected': ['customer loyalty database (Allium UPI)']},
 'initial_access_broker': {'entry_point': ['administrator credentials (method '
                                           'unknown)'],
                           'high_value_targets': ['customer loyalty database']},
 'investigation_status': 'ongoing (suspect at large, extradition pending)',
 'motivation': ['unknown', 'potential data monetization'],
 'post_incident_analysis': {'root_causes': ['privileged access abuse',
                                            'potential credential theft']},
 'references': [{'source': 'Estonian Police (Cybercrime Bureau)'},
                {'source': 'Estonian Prosecutor General’s Office'},
                {'source': 'Allium UPI Public Disclosure (February 2024)'}],
 'regulatory_compliance': {'legal_actions': ['international arrest warrant '
                                             '(Adrar Khalid)',
                                             'extradition request pending'],
                           'regulatory_notifications': ['Estonian authorities',
                                                        'potential GDPR '
                                                        'implications']},
 'response': {'communication_strategy': ['public disclosure (February 2024)'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True},
 'threat_actor': {'age': 25,
                  'motivation': ['unknown',
                                 'potentially financial gain or data theft'],
                  'name': 'Adrar Khalid',
                  'nationality': 'Moroccan',
                  'status': ['internationally wanted', 'suspect']},
 'title': 'Allium UPI (Apotheka Pharmacy Chain) Data Breach',
 'type': ['data breach', 'unauthorized access']}