Personal information including ID numbers, drivers’ licenses and registration forms have been leaked after a recent cyberattack on the Shirbit insurance company.
The National Cyber Directorate and Capital Market Authority said on Tuesday that it was working with the company to investigate the suspected attack and that an initial probe found that insurance details were also leaked.
The company reportedly has many government employees among its clients, including the president of the Tel Aviv District Court, Gilad Noitel.
A hacker group called BlackShadow claimed credit for the attack, tweeting: “A huge cyberattack has been taken place by Black Shadow team. There has been a massive attack on the network infrastructure of Shirbit Company, which is in israel economic sphere [sic].”
The group additionally tweeted photos of ID cards, drivers licenses, emails and forms containing private information including names and addresses, as well as files containing additional data. BlackShadow claimed that the attack caused “serious damage to data centers” and that all of the customers’ and employees’ IDs had been hacked.
In a Telegram message to KAN, the group stated that they had other targets that they would disclose later and that they conducted the attack "for money," without further clarification.
The group’s Twitter account was subsequently suspended.
Although the National Cyber Directorate only announced the attack this morning, the hacker group posted the first leaked documents at around 9 PM on a Telegram channel on Monday evening.
Additional files, including faxes, were leaked to the public by BlackShadow later on Tuesday afternoon.
Shirbit’s site was taken offline temporarily on Tuesday morning to prevent additional attacks, company CEO Zvi Leibushor, told Channel 12. The company told KAN news that no information that was leaked could cause damage to customers.
“The Shirbit insurance company places the safety and service of its customers at the top of its priorities and is ranked year after year among the top insurance companies in Israel in its fields of activity,” Leibushor said in response to the incident.
“Shirbit has invested millions of shekels in securing databases and protecting against cyber attacks and meets all the stringent regulatory requirements in this area.”
Leibushor added that Shirbit is investing all resources and efforts needed for an “effective, safe and rapid solution to the cyber attack, whose real goal is to try to harm the Israeli economy.”
The attack comes amid a spike in ransomware attacks against insurance companies, with dozens of insurance companies in the US reporting ransomware attacks in just the past week, according to the ransomware removal and cyber security service MonsterCloud.
The attackers in the US have made ransom demands between 100,000 to millions of USD.
"Based on the recent attacks here in the US, the attacks are money driven, and even if the victim has a backup, the attacker will blackmail the victim for the ransom to prevent data leak which is huge when it comes to insurance companies. This is a new trend in the US. This type of attack is caused due to a lack of cyber security knowledge," said MonsterCloud CEO Zohar Pinhasi, to The Jerusalem Post, warning that "it seems the company has a long and turbulent road ahead."
The CEO added that it is unclear whether the same group is behind the attacks in the US, explaining that hacker groups tend to change their names often in order to protect themselves.
Pinhasi, a former IT security intelligence officer in the IDF, additionally claimed that there have been multiple successful cyberattacks against Israeli infrastructure in the past year that have not been revealed to the public.