A group of threat actors have hacked into Perceptics, the most-used car plate license reader manufacturer in the United States; according to web application penetration testing specialists hackers accessed the company’s internal files and published them for free download in various dark web forums.
Last Thursday, a group of hackers, self-appointed as “Boris Bullet-Dodge”, contacted multiple members of the cybersecurity community to announce the hacking incident; ackers sent a sample of the files extracted from Perceptics’s corporate networks to demonstrate the veracity of their claims. It is believed that this group of threat actors was also involved in a security incident last month.
The exposed information include files with different extensions (.xlsx,.jpg,.docx,.mp4, etc) with location names, zip codes, files related to the company’s government clients and evidence material, report the web application penetration testing specialists.
Exposed files, equivalent to hundreds of GB of information, include Microsoft Exchange databases, human resource records, Microsoft Server data stores, and more. Confidential details of the company, such as financial figures and personal information, are currently available in multiple compressed files format in various hacking forums on dark web.
Given the nature of the business of the company, dedicated to tasks such as the acquisition of border security data, commercial vehicle inspection, electronic payment of highway fees and road monitoring, web application penetration testing specialists believe that a considerable amount of confidential information is likely to have been exposed.
A spokeswoman for Perceptics confirmed that the company was aware of the state of security in its networks. “We are collaborating with federal authorities in investigating the incident; that’s all we can say for now”, concluded the spokesperson.
According to the experts from the International Institute of Cyber Security (IICS), the company’s website redirects visitors to the Google home page, so it is believed that the organization still fails to restore all of its systems. More details are expected in the coming days.