In a recent post on a dark web forum, an alleged cybercriminal operating under the alias “Penmy” has claimed to possess and sell unauthorized access to a major medical company’s database in Saudi Arabia. The individual is purportedly offering full access to backup data, customer information—including full names and salary details—as well as supplier records.
The alleged listing further claims that the compromised entity collaborates with various public sector organizations and academic institutions, including the Ministry of Health – Riyadh Diwan, King Abdulaziz City for Science and Technology, and King Saud University for Health Sciences. According to the post, the data set for sale contains sensitive records such as access logs, user accounts, financial details, and project updates.
The threat actor has allegedly set an asking price of $2 million for the database but stated that the price is negotiable. They also claim to be open to providing samples as proof of the data’s authenticity.
