In a week when some big data breaches, like Ticketmaster and Santander, have already been disclosed and confirmed, yet another big breach is now being claimed.
An individual calling themself “Sp1d3r” claims to have acquired data on 190 million people who contacted QuoteWizard to get quotes on insurance. The threat actor claims the data includes:
190M Persons Data + 3Billion tracking pixel data (contains email, PII and IP for online tracking)
Data includes 190M Persons data with:
- Full customer details
- Partial CC details (only middle 5 numbers masked)
- Auto history, driving records
- Personal background information needed for insurance quotes
- 3 Billion tracking pixels from (contains PII, and IP / online tracking details)
Total data: 2TB compressed.
They are seeking $2 million USD for all of the data and provide a sample. Data Breach Times has not attempted to verify the sample data, but notes that entries in the downloadable sample have date stamps of May 7, 2024.
Neither QuoteWizard nor LendingTree has issued a statement about the claimed attack yet, so this claim should be considered unverified at this point. Inquiries sent to QuoteWizard and LendingTree received no immediate reply by publication.