A threat actor has allegedly leaked the database of Step2Education, a Canadian-based online education platform. The company, which provides resources and services to help students and professionals achieve their educational and career goals, was targeted in a data breach that has now been published on a dark web forum. The leaked dataset allegedly contains over 10,200 rows of data, exposing sensitive information related to the platform’s operations and its clients.
The compromised data appears to originate from a client database, revealing that Step2Education serves numerous healthcare organizations across the globe. The leaked sample data includes information pertaining to health departments and hospitals in the United States, Canada, Australia, and New Zealand. The exposure of this information could present significant security risks to these healthcare entities. The breach allegedly includes a wide range of sensitive details, highlighting the potential impact on the affected organizations.
The following data fields were allegedly compromised in the incident:
- Names and titles
- Phone and fax numbers
- Full addresses (address, city, province, country)
- User IDs
- Internal notes and financial details such as balance and currency
