Alleged Data Leaks Across Major Industries; PwC, Shell, Decathlon Among Firms Facing Compromise

The SOCRadar Dark Web Team has uncovered multiple high-profile data breaches involving major corporations from diverse sectors, including accounting, energy, retail, aviation, and financial services.

Recent claims highlight alleged but significant leaks at PwC, Shell, Decathlon Spain, Riyadh Airport, and massive data offerings purportedly from QuoteWizard and LendingTree.

These incidents reveal extensive vulnerabilities and the potential for vast misuse of sensitive data, potentially affecting millions of individuals worldwide.

Receive a Free Dark Web Report for Your Organization:

Threat Actor Claims a PwC Data Breach

The SOCRadar Dark Web team detected that a new threat actor on a hacker forum has claimed to have disseminated 255GB of data allegedly originating from PricewaterhouseCoopers (PwC), a prominent global accounting firm. This data purportedly encompasses 18,900 internal files, including client reviews, HR documents, and employee file shares. The threat actor is offering this data in exchange for forum credits, which raises significant concerns regarding the unauthorized access and potential misuse of highly confidential information.

Shell Customer Database Allegedly Compromised, Leaked

The SOCRadar Dark Web Team identified a post on a hacker forum in which a threat actor alleges they have leaked a customer database from Shell. The threat actor alleges that the data, belonging to the British multinational oil and gas company, was compromised in a breach that occurred in May 2024. The leak reportedly includes 80,000 rows of sensitive information.

The compromised data includes shopper codes, first and last names, statuses, shopper emails, contact mobiles, postcodes, and more.

According to the threat actor, the countries affected by the breach include the UK, Australia, France, India, Singapore, Philippines, Netherlands, Malaysia, and Canada. However, it is interesting to note that the number of affected rows is only 80,000, which seems low given the number of countries involved.

Alleged Database Leak of Decathlon

The SOCRadar Dark Web Team discovered a post on a hacker forum in which a threat actor claims to have leaked a database belonging to Decathlon Spain. The alleged leak includes sensitive information such as employee email addresses, headquarters details, and transportation activities.

According to the threat actor, Decathlon Spain suffered a data breach in May 2024, exposing the information of 6,644 employees. This data was then published on a popular hacking forum.

Riyadh Airport Employee Database Allegedly Leaked

The SOCRadar Dark Web Team found a post on a hacker forum where a threat actor purports to have leaked a database of Riyadh Airport employees. The alleged leak includes sensitive information such as employee numbers, full names, email addresses, and mobile numbers. According to the threat actor, the breach occurred in May 2024, affecting a total of 864 employees.

Threat Actor Offers Data, Allegedly of QuoteWizard and LendingTree

The SOCRadar Dark Web Team came across a post on a hacker forum in which a threat actor asserts they have leaked a database from QuoteWizard.com and LendingTree. In a significant claim circulating on a dark web forum, a threat actor alleges to have obtained a vast amount of data from these two prominent companies in the insurance and financial services sectors. The data, which purportedly spans 2TB when compressed, is said to include highly sensitive personal information on 190 million individuals and 3 billion tracking pixel data records.

According to the threat actor, the data set includes:

• Full customer details.
• Partial credit card details (with only the middle 5 numbers masked).
• Auto history and driving records
• Personal background information needed for insurance quotes
• 3 billion tracking pixels with PII and IP details for online tracking

The threat actor is offering it for $2 million. They provided a sample file link and specified contact via XMPP for purchase, requiring a middleman for the transaction.

According to the threat actor, the data is claimed to include information from multiple insurance carriers, such as Allstate, State Farm, Progressive, EJI Insurance, Bristol West, Farmers, Goosehead Insurance, Liberty Mutual, Amanda Nguyen Insurance, and Julie Tilbiyan Insurance.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.