This is apparent from research by RTL Nieuws, which has viewed and verified the stolen data. The files are published on the dark web, the hidden part of the internet.
On March 27, cybercriminals from the ransomware group Conti took some of the servers of IT company The Sourcing Company, which provides digital services to many housing associations, hostage.
In total, 200 gigabytes of data were stolen from various organizations, of which about 8 gigabytes have now been put online.
Eight organizations affected
The eight housing associations affected are Laurentius (Breda), Alwel (Roosendaal), Zayaz (Den Bosch), Trivire (Dordrecht), De Woningstichting (Wageningen), Brederode Wonen (Bloemendaal), L’Escaut (Vlissingen) and QuaWonen (Bergambacht).
Collectively, the organizations are responsible for more than 75,000 homes and the private data of their customers. The organizations reported the attack to the Dutch Data Protection Authority and informed tenants about the attack.
Copies of passports
The data published by Conti includes copies of passports and driving licenses that can be used for identity theft. These copies were made when someone wanted to join an Owners’ Association (VvE) of one of the housing corporation’s buildings.
The stolen copies come from QuaWonen’s systems; some date from as far back as 2016. A spokesperson acknowledges that QuaWonen has kept copies for ‘far too long’ and that they should have removed this data immediately after the VvE registration: “We are in the wrong there.” The copies will now be removed and the victims informed.
A single copy is watermarked, which makes it more difficult to misuse. You can add a watermark with, for example, the free app CopyID from the government.
Bank details
In addition to copies of passports, bank details of tenants have also been leaked by Conti. This data is worth its weight in gold to criminals because it is misused for highly targeted phishing attacks, for example messages that contain the correct IBAN number as well as the correct name.
The criminals have also published the full names, residential addresses, phone numbers, email addresses and in some cases social security numbers of customers. This kind of private data is stored in large Excel files, among other places.
Do not pay
The housing associations have jointly announced that they will not pay the ransom (according to BN de Stem, 15 million euros is being demanded). The organizations state that they are still investigating exactly which data has fallen into criminal hands.
The Sourcing Company has been working for more than a week to restore the systems and restore backups. Some of the online backups were taken hostage, but the company also had offline backups that could be restored, says Johan van der Blom, managing partner at The Sourcing Company.
Hacked
How Conti’s criminals got into The Sourcing Company is currently under investigation by cybersecurity firm Northwave. “With Conti it is always one of the three well-known hacking methods: via a vulnerability in software, via phishing or via a leaked password,” says director Pim Takkenberg.
Conti was asked by RTL Nieuws for a response, but did not respond. The organization is known for leaking more and more data in the hope that victims will still pay.
Conti
Conti is one of the most successful and active ransomware groups at the moment and has its roots in Russia. It is also one of the most infamous, in part due to its tough negotiations and its attacks on hospitals specifically during the pandemic.
Conti has also publicly expressed its support for Russia in the war with Ukraine. Shortly afterwards, the internal chat messages of Conti members were leaked by an anonymous researcher who claims to be from Ukraine. Despite this major leak, Conti is still active.