A threat actor is claiming a major data breach against Sensory, an Israeli software house that provides IT services to gov.il and numerous municipalities. The actor is attempting to extort the company, having previously demanded $500,000 USD on October 25 with a 72-hour deadline.
Today, the actor escalated their threats as their deadline approaches. They posted an update indicating “24 hours left for negotiations” and released an additional 15GB of internal documents. This is on top of a 29.54 GB sample released on October 25, bringing the total publicly leaked data to over 44 GB.
The threat actor claims to have exfiltrated approximately 1TB of sensitive data. According to the actor’s initial post, the compromised data is highly sensitive and includes:
- Full citizen ID cards and scans
- Full source code
- Private medical documents and histories
- Financial records and documents
- Detailed information on children with disabilities
- Internal data from a majority of municipalities in Israel
