In a concerning turn of events, IntelBroker, a threat actor, has purportedly leaked the Parent Teacher Association (PTA) database. According to reports, the breach, attributed to an individual identified as GodLike, occurred in March 2024, resulting in the unauthorized access and exfiltration of sensitive information belonging to users affiliated with the PTA.
The breach allegedly encompassed several databases maintained by the PTA, each containing a wealth of personal and institutional data. Among the datasets reported to have been exposed are:
1. COIAdditionalInsured.csv
Rows: Approximately 70,000
Headers:
“COIAddtInsdID”, “MCID”, “PID”, “COIAIIssueDate”, “COIAICertHolderAsAI”, “COIAIRevised”, “COIAIRevisedDate”, “COIAIName1”, “COIAIName2”, “COIAIAddress1”, “COIAIAddress2”, “COIAICity”, “COIAIState”, “COIAIZipCode”, “COIAIEmail”, “COIAIAttention”, “COIAIOrder”, “COIAISpecWord”, “COIAIInterestToInsured”, “COIAICreatedDate”, “COIAICreatedBy”, “COIAILastModifiedDate”, “COIAILastModifiedBy”, “COICopyToRenewalPolicy”, “EndNumAI”, “CENumAI”, “AIName1”, “AIAddress1”, “AICity”, “AIAddress2”, “AIAttention”, “AIState”, “AIZipCode”, “AIActivityLocation”, “CID”, “ChgEndNumAI”, “ExpToCEDate”, “Upload_Key”, “COIAINote”, “FirstSave”, “COICancelled”, “COIFontSizeID”, “COIEditOutside”, “COIWaiverOfSub”, “COIBlanketAI”, “COIAIFileName”, “COICreateCENum”, “COIPNC”, “COIAIEnd”, “COIPolicyFormWording”, “COIPolicyFormWordingID”, “COIAIChildCancelled”, “WordingDefaultSet”, “COIIgnoreLimits”
2. Colleges.csv
Rows: Approximately 22,000
Headers:
“Institution_ID”, “Institution_Name”, “Institution_Address”, “Institution_City”, “Institution_State”, “Institution_Zip”, “Institution_Phone”, “Institution_OPEID”, “Institution_IPEDS_UnitID”, “Institution_Web_Address”, “Campus_ID”, “Campus_Name”, “Campus_Address”, “Campus_City”, “Campus_State”, “Campus_Zip”, “Campus_IPEDS_UnitID”, “Accreditation_Type”, “Agency_Name”, “Agency_Status”, “Program_Name”, “Accreditation_Status”, “Accreditation_Date_Type”, “Periods”, “Last Action”, “Action Date”, “Justification”, “Other_Justification”, “Justification_Url”
3. MasterClient.csv
Rows: Approximately 2,200
Headers:
“MCID”, “InsuredName”, “DirectorName”, “UniversityID”, “InsAdd1”, “InsAdd2”, “InsCity”, “InsStateID”, “InsZipCode”, “HomePhone”, “CellPhone”, “WorkPhone”, “Fax”, “Email”, “AgentID”, “BrokerPercent”, “Memo”, “CreatedBy”, “CreatedDate”, “LastModifiedBy”, “LastModifiedDate”
4. Medical.csv
Rows: Approximately 6,400
Headers:
“MedicalID”, “PID”, “MCID”, “PolicyLOBID”, “PolicyNum”, “MedRenewal”, “MedIsPolicyExcess”, “MedPerParticipants”, “MedIsPaymentDeposit”, “MedPremToCarrier”, “PmtNumIDMedPremToCarrier”, “MedCommMedical”, “MedDiscountPercent”, “MedNotes”, “MedCreatedDate”, “MedCreatedBy”, “MedLastModifiedDate”, “MedLastModifiedBy”, “FirstSave”, “MedIssuedDate”, “DateMapping”, “ExcludeFromCert”, “OldMedicalID”, “OldCarrierID”
5. Payment.csv
Rows: Approximately 11,800
Headers:
“PaymentID”, “PID”, “MCID”, “PolicyLOBID”, “PMTCheckDate”, “PMTCheckNum”, “PMTPaidAmount”, “PMTDepositDate”, “PMTQBID”, “PMTPayTypeID”, “PMTCheckRequsted”, “LiabEndNum”, “MedEndNum”, “PMTComment”, “PMTSplitCheckAmt”, “PMTSplitCheckRef”, “PMTLiability”, “PMTMedical”, “PMTAdminFee”, “PMTBrokerNet”, “PMTPremRsrv”, “PMTOverShort”, “PMTCrCardFee”, “PMTSLTaxes”, “PMTSLStampingFee”, “PMTSLBMAFee”, “PMTSLFireTax”, “PMTSLFireTaxEquipment”, “PMTSLFlatFee”, “PMTSLKYSurcharge”, “PMTNewSurplusLineName”, “PMTNewSurplusLineFee”, “PMTNewSurplusLineName2”, “PMTNewSurplusLineFee2”, “PMTBMIComm”, “PMTMiscEndFees”, “PMTPremFinAmount”, “PMTDirectComm”, “PMTGLPaidGross”, “PMTGLInvoiceNum”, “PMTGLPaidDate”, “PMTGLPaidBMICheckNum”, “PMTGLPremium”, “PMTLiabilityCommPercent”, “PMTMedPaidGross”, “PMTMedInvoiceNum”, “PMTMedPaidDate”, “PMTMedPaidBMIChNum”, “PMTMedPremium”, “PMTMedicalCommPercent”, “PMTAgtComAfDue”, “PMTComPaidDate”, “PMTAgentComPaid”, “PMTAgentComChNum”, “PMTSLTaxPaidDate”, “PMTSLFireTaxPaidDate”, “PMTSLStampingFeePaidDate”, “PMTSLFireTaxEquipPaidDate”, “PMTSLFlatFeePaidDate”, “PMTSLBMAFeePaidDate”, “PMTSLKYSurchargePaidDate”, “PMTNewSurplusLinePaidDate”, “PMTNewSurplusLinePaidDate2”, “PMTNum”, “PMTPayor”, “PMTLiabPLOBID”, “PMTQPLiabLOBID”, “PMTMedPLOBID”, “PMTQPMedLOBID”, “FirstSave”, “PMTCreatedDate”, “PMTCreatedBy”, “PMTLastModifiedDate”, “PMTLastModifiedBy”, “PMTInitialPremium”, “Cancelled”, “ImportFromAccess”, “PMTNoMoney”, “PMTNoMoneySent”, “SystemInitPrem”, “OldPaymentID”, “LiabCarrierPaid”, “MedCarrierPaid”, “PaymentTracer”
6. PTO.csv
Rows: Approximately 17,000
Headers:
“PTOID”, “MCID”, “PID”, “PTOEnteredDate”, “PTOSID”, “PTOEndReqd”, “PTOCancelled”, “PTOFirstName”, “PTOLastName”, “PTOEmail”, “PTOGroupName”, “PTOInclAddressWithGroupName”, “PTOSchoolName”, “PTOSchoolAddress1”, “PTOSchoolAddress2”, “PTOSchoolCity”, “PTOSchoolState”, “PTOSchoolZipCode”, “PTOAICHName”, “PTOAICHFileName”, “PTOAICHAdd1”, “PTOAICHAdd2”, “PTOAICHCity”, “PTOAICHState”, “PTOAICHZipCode”, “PTOCoverageType1ID”, “PTOEffectiveDate1”, “PTOExpirationDate1”, “PTOCoverageChangedOn1”, “PTOCoverageType2ID”, “PTOEffectiveDate2”, “PTOExpirationDate2”, “PTOCoverageChangedOn2”, “PTOCoverageType3ID”, “PTOEffectiveDate3”, “PTOExpirationDate3”, “PTOCoverageChangedOn3”, “PTOCoverageType4ID”, “PTOEffectiveDate4”, “PTOExpirationDate4”, “PTOCoverageChangedOn4”, “PTOCoverageType5ID”, “PTOEffectiveDate5”, “PTOExpirationDate5”, “PTOCoverageChangedOn5”, “PTOSpecialWording”, “PTOCreatedDate”, “PTOCreatedBy”, “PTOLastModifiedDate”, “PTOLastModifiedBy”, “PTOImportName”, “PTOCertDescOfOpsFontSizeID”, “PTONotes”, “CertsLiabSpecID”, “EditOutsideProgram”, “PTOPaidOn”, “ImportFromOldPTO”, “PTOCertID”, “ImportAsCancelled”, “IgnoreLimits”, “DescOfOpsHistory”, “FirstSave”
With such vast amounts of sensitive information potentially compromised, concerns regarding data privacy, security, and the potential for identity theft loom large. Affected individuals and organizations may face significant challenges in mitigating the fallout from this breach, including safeguarding personal information, addressing regulatory compliance issues, and rebuilding trust among stakeholders.
