Hackers Steal Data From Israeli Car Financing CompanyK.L.S. Capital Reportedly Did Not Pay Ransom
Israeli car financing company K.L.S. Capital Ltd. says that on March 10, hackers stole customer information, ID photos, vehicle licenses, scans of checks and loan information from its servers.
"Upon discovery of the break-in, the company immediately acted to close the break-in and the information leak was stopped," the company says in a statement. "At the same time, the company began investigating the breach with the help of external cyber experts and in collaboration with the national cyber system."
In a Telegram post on Saturday morning, the Black Shadow hacking group claimed that it hacked K.L.S. Capital and stole client data. In December 2020, the group leaked thousands of documents containing personal information on the customers of Israel’s Shirbit insurance company.
The hacking group claimed that it had "destroyed" servers belonging to the car financing company because it failed to pay a ransom. Black Shadow waited 72 hours for the company to pay a $10,000 ransom in bitcoin, according to The Jerusalem Post.
Black Shadow initially released blurred photographs of the identification cards of two people who work with the company in an attempt to get K.L.S. Capital to pay a ransom, says Lewis Jones, a threat intelligence analyst at Talion.
"However, as seen by the previous ransomware attacks by the group, the company should be mindful that paying the ransom does not provide any guarantee that the data will be deleted and will not be published in the future," Jones says.
K.L.S. Capital has 26,000 customers and executes thousands of new vehicle transactions every year, according to its website.
'We Took a Heavy Blow'
“We’re sadly not so OK. We took a heavy blow from Iranian hackers who apparently are seeking to attack the State of Israel, and they care less about the money,” K.L.S. Capital's CEO, Omer Maman, told The Jerusalem Post. “Sadly they caused us a lot of damage, but it’s not something that we won’t know how to handle on the systems level. And we’ll set up new systems soon that are more secure and, I hope, more protected, even though it’s difficult to handle such large budgets of such Iranian attackers.”
Later on Saturday afternoon, Black Shadow released screenshots, allegedly of its email conversations with the company, in which it demanded $10,000 in bitcoin and warned the company that it would release more data if it wasn’t paid.
The Jerusalem Post reported that on Sunday, Israel’s Privacy Protection Authority announced that it was investigating the incident and that it may not approve the reactivation of K.L.S. Capital's systems until any issues that could lead to further data leaks are resolved.
"The motivation for the attack appears to be hacktivism," Jones of Talion says. "And, over the last 12 months, we have seen several attacks on Israeli businesses by Iranian threat actors. This attack appears to be the same approach as the attack by Black Shadow in December 2020, when it targeted an insurance company, also based in Israel."