A threat actor has allegedly offered a database for sale containing the sensitive information of over 4,000 clients of Som Mobilitat. The victim, Som Mobilitat, is a non-profit consumer cooperative based in Catalonia, Spain, that provides electric car-sharing services. The organization is a key player in promoting sustainable and accessible mobility solutions in the region, operating with a community-focused model.
The data was advertised on a dark web forum, where the seller posted a sample and a list of database headers to prove their claim. The exposure of this information could place the cooperative’s members at significant risk of identity theft, phishing attacks, and financial fraud. The allegedly leaked data includes highly personal and financial details.
The compromised information allegedly includes:
- Full Names
- Email addresses
- National identity numbers (DNI/NIF)
- Phone numbers
- Dates of birth
- Physical addresses (street, postal code, city, province)
- Driver’s license expiration dates
- Full IBAN numbers
