The hacker group Babuk has finally released all the customer and employee data of Phone House. After the first file containing the personal data of more than 1 million customers, they have published all the data obtained from Phone House. According to the hacking group, there are 113 GB of files and databases in total, corresponding to more than 13 million Phone House customers.
The data fields involving citizens' personal privacy are names, ID cards, bank accounts, addresses, phone numbers, emails, dates of birth, and even the places of work or stores where users became customers, making this one of the largest data breaches of a Spanish company to date.
Babuk is a new ransom ring that began operations in 2021 and usually targets large companies, according to cybersecurity companies such as McAfee, which described it. The cyber attackers posted a message on the dark web (.onion) where you can read your information and directly access all the data in the file.
In the previous days, Babuk explained that Phone House had been asked to pay a ransom and thus not to publish this information. It seems that the company did not cooperate with the attackers as suggested by the cybersecurity agency, judging by the consequences of the current disclosure of all the data.
Despite taking several days, the company has yet to make an official comment. According to the law, Phone House must contact the Spanish Data Protection Agency within 72 hours and subsequently notify all affected customers and inform them that their data has been compromised.
Yesterday, the "Have i been pwned?" network added a total of 5,223,350 Phone House accounts to its database. This is a public page from where we can check if our data is among the leaked list. The ransom group claims to have obtained a total of 13 million customers' data, which is not the same as the number of "Have i been pwned?", but in any case, there must have been more than a million leaks.