In news first brought to my attention via Defcon Lab, a member of the hacking group “HYS Team” going by the name of “L1R4” has claimed responsibility for a major data breach effecting the Brasilian Ministry of Health. Included in a leak first published to Ghostbin by another member of HYS Team going by the name “Sr. Alto,” the document contains approximately 1,200 records – including CNES, CPF / CNPJ, addresses, telephone contacts, banking details and much more.
Additionally, as was explained by Defcon Labs, “there is evidence to suggest that the volume of data accessed exceeds 45,000 records from that database.” Adding that other than taking the hacker at their word, “there is also no information indicating that SUS systems were the at the origin of the data.” However, it is highly suspected that the hacker stole the data from various clinics, medical offices and hospitals across Brasil, all connected the SUS’s online web portal. The hacker also failed to disclose how SUS systems were compromised in the first place.
Raw Leak: https://ghostbin.com/paste/4aysz
Leak Backup – Browse Through Leak:
1200 linhas com dados do SUS.
— Sr Alto (@sralto_oficial) January 25, 2019
Vazamento de dados que seriam de um sistema do #SUS (@minsaude) – 1.200 registros publicados com dados de clínicas/médicos/hospitais. Mais 45.000 estariam em posse do #HYSTeam @SrAlto1 #vazamento #hacked #leak #hackostentaçãohttps://t.co/Cq4OmBcp5a
— DefCon Lab (@LabDefCon) January 25, 2019