A threat actor has claimed to have obtained and is now selling the full database of Rhithm, a wellness company that provides services primarily to K-12 students, staff, and administrators. The claim was made in a post on a dark web forum, where the individual is offering the database, allegedly containing information on 2 million users, for a price of $1,000. The post also offers database access for $2,000.
The threat actor’s post includes a link to a sample of the allegedly stolen data, hosted on a file-sharing website, which they claim to be a portion of the full database. The threat actor also shared a screenshot from the alleged breach.
For further inquiries, the threat actor provided a contact method via their username on the forum, though accessing such information comes with legal and ethical risks.