A threat actor has allegedly leaked the database of La Mundial de Seguros, a major insurance provider headquartered in Panama. The data was posted on a popular dark web forum, exposing sensitive information belonging to the company’s customers and advisers. La Mundial de Seguros is a significant player in the Panamanian insurance market, offering a wide range of products including life, health, auto, and commercial insurance. As a custodian of highly sensitive personal and financial information, a breach of this nature could have severe consequences for its clients.
The threat actor published samples of the database to prove their claims. The leaked data allegedly originates from several database tables and contains a substantial amount of Personally Identifiable Information (PII) and internal records. The exposure of such data puts affected individuals at a high risk of targeted phishing attacks, identity theft, and other fraudulent activities. The inclusion of adviser credentials, even if hashed, could potentially provide a pathway for further unauthorized access into the company’s systems if the passwords are weak.
Based on the samples provided by the cybercriminal, the compromised information allegedly includes:
- Customer/Quoter Information: Full names, email addresses, dates of birth, and country of residence.
- Payment Link Data: Internal payment tokens and identifiers.
- Insurance Adviser Data: Full names, email addresses, and hashed passwords.
