Manila, Philippines – A potential data breach involving Maxicare Philippines was recently reported by the Deep Web Konek Team, indicating a breach allegedly conducted by a threat actor called “OPCODE-90.”
According to the findings, the said move led to the unauthorised scraping of authenticated data, which compromised a file containing over 22,800 lines of sensitive information, sized at 33.3 MB. This was also reportedly being sold to the first three buyers.
The breach further resulted in the exposure of detailed personal and booking details, including sender details, member details, and member booking details.
Interestingly, more than 1,000 companies were affected because of the breach, which include ABS-CBN Corporation, Accenture, Inc., Acer Philippines Inc., Acquire Asia Pacific Philippines Inc., Afni Philippines Inc., and AIA Philippines Life and General Insurance Company Inc.
Companies like Allianz PNB Life Insurance Inc., Atlassian Philippines, Inc., Bayer Business Services Philippines Inc., BPI AIA Life Assurance Corporation (formerly BPI Philam Life Assurance Corp. BPLAC), Canva Solutions Inc., and Cebu Air, Inc. were also among those who suffered due to the breach.
On June 16, 2024, the company had already informed affected members about the incident that occurred on June 13, 2024. They have also told them that unauthorised access was gained to personal information submitted to Lab@Home, a third-party provider for laboratory requests from home.
Despite Lab@Home maintaining a separate database that is not integrated with Maxicare’s systems, the breach has still impacted Maxicare members.
In a statement to its users, Maxicare promised that it is implementing measures to mitigate additional risks and ensuring ongoing communication with members regarding the incident.
