MANILA, Philippines – The National Privacy Commission (NPC) confirmed on Tuesday, June 18, it received a data breach notification report “from Maxicare Healthcare Corporation through the NPC’s Data Breach Notification Management System” on Sunday, June 16.
Details of Maxicare’s breach notification have not been published by the NPC.
However, cybersecurity enthusiast group Deep Web Konek posted on a blog post on June 18, an alleged screenshot of an email from Maxicare dated June 16, informing a member that an unauthorized actor had been able to access their member data on June 13, via a breach on the systems of a third-party partner known as Lab@Home.
The blog post also shared a screenshot from what appears to be an online forum post showing a user selling alleged Maxicare data totaling 33.3 MB, with the threat actor identifying itself as OPCODE-90.
Deep Web Konek also claimed that breached data includes complete names, Maxicare card numbers, addresses, and requested procedures.
We are reaching out to Maxicare for further details. This is a developing story. – Rappler.com