A cybercriminal has admitted to hacking businesses like Uber, Sainsbury's, and Groupon to sell customers' personal information on the dark web. The other targets included Nectar, T-Mobile, Asda, Ladbrokes, Coral, and Argos.
The data comprised all the information required to complete an online purchase and was then promoted and sold to clients through his dark website.
The firm is thought to have lost more than £200,000 due to the theft, although no financial data was collected.
West pleaded guilty to two counts of conspiring to defraud, one count of hacking a computer, four counts of possessing and supplying marijuana, two counts of having criminal property, and one crime of money laundering Bitcoins.
The leaked data is related to a security breach on a third-party vendor.
TPRM report: https://scoringcyber.rankiteo.com/company/uber-com
"id": "ube74122323",
"linkid": "uber-com",
"type": "Breach",
"date": "12/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Transportation',
'name': 'Uber',
'type': 'Company'},
{'industry': 'Retail',
'name': "Sainsbury's",
'type': 'Company'},
{'industry': 'E-commerce',
'name': 'Groupon',
'type': 'Company'},
{'industry': 'Loyalty Program',
'name': 'Nectar',
'type': 'Company'},
{'industry': 'Telecommunications',
'name': 'T-Mobile',
'type': 'Company'},
{'industry': 'Retail',
'name': 'Asda',
'type': 'Company'},
{'industry': 'Gambling',
'name': 'Ladbrokes',
'type': 'Company'},
{'industry': 'Gambling',
'name': 'Coral',
'type': 'Company'},
{'industry': 'Retail',
'name': 'Argos',
'type': 'Company'}],
'attack_vector': 'Hacking',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'type_of_data_compromised': 'Personal information required to '
'complete an online purchase'},
'description': 'A cybercriminal has admitted to hacking businesses like Uber, '
"Sainsbury's, and Groupon to sell customers' personal "
'information on the dark web. The other targets included '
'Nectar, T-Mobile, Asda, Ladbrokes, Coral, and Argos. The data '
'comprised all the information required to complete an online '
'purchase and was then promoted and sold to clients through '
'his dark website. The firm is thought to have lost more than '
'£200,000 due to the theft, although no financial data was '
'collected. West pleaded guilty to two counts of conspiring to '
'defraud, one count of hacking a computer, four counts of '
'possessing and supplying marijuana, two counts of having '
'criminal property, and one crime of money laundering '
'Bitcoins. The leaked data is related to a security breach on '
'a third-party vendor.',
'impact': {'data_compromised': 'Personal information required to complete an '
'online purchase',
'financial_loss': '£200,000'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'motivation': 'Financial Gain',
'regulatory_compliance': {'legal_actions': ['Guilty plea to multiple charges '
'including hacking and money '
'laundering']},
'threat_actor': 'Cybercriminal',
'title': 'Cybercriminal Hacks Multiple Businesses to Sell Customer Data on '
'the Dark Web',
'type': 'Data Breach',
'vulnerability_exploited': 'Security breach on a third-party vendor'}