A threat actor has claimed responsibility for leaking a database purportedly sourced from Russian CityMed Medical Centers, accessible through the domain medcentr-sitimed.ru. The leak, dated March 17, 2024, is reported to be in CSV format and comprises approximately 826,000 lines of data. Among the leaked information are individuals’ full names, dates of birth, ages, insurance numbers (СНИЛС), phone numbers (253K unique), and email addresses (82K unique), along with details such as medical center branch, passport information, employer, job title, and registration and living addresses (often identical).
Additionally, the leaked data reportedly includes bonus information such as details of partners (239 lines), including entity names, taxpayer numbers, responsible employees, and financial reports, as well as user records (actual and former) (1.5K lines), encompassing login credentials, full names/descriptions, job titles, contact numbers, and the medical branches accessible to each user. Furthermore, a financial report for February 2024 is said to be part of the leaked data.