- The Everest ransomware gang claims to have stolen over 80,000 internal files from Money Mart.
- Stolen data includes sensitive customer and employee financial and identification records.
- Money Mart has until November 30 to make contact before the data is published online.
Money Mart, a North American financial service, was hit by a data breach, and the notorious ransomware gang Everest claims responsibility.
In a recent post on a leak site, they claimed to have obtained massive private information and threatened to dump it unless their demands were met.
The Everest Ransomware Claim
The “same-day” financial services chain appeared on the gang’s dark web site. Everest ransomware made the announcement on Tuesday. They posted samples of the data they claim to have stolen.
Money Mart provides payday loans and check cashing. It has about 400 locations across the US and Canada. The hackers say they took 80,000 files from a company database.
They gave Money Mart a deadline. The company has until November 30 to get in touch. A countdown clock on the leak site emphasizes this threat.
The gang’s message was direct. It said a company representative should contact them before time runs out. They provided a Qtox ID for communication.
The threat doesn’t end with their own site. The group warned that after full publication, they will duplicate the data. Hackers will spread it across various forums and leak sites.
A Plethora of Stolen Personal Data
The amount of stolen information is vast. Everest broke it down into seven detailed categories. The data comes from both US and Canadian operations.
Security researchers who viewed the samples confirm an abundance of sensitive information was taken – think names, addresses, and dates of birth of customers. The breach also compromised driver’s license numbers and email addresses.
The financial data is particularly alarming. The leak exposes partial credit card numbers and account credit limits. The attackers also stole financial transactions and billing invoices.
Transaction details for services like check cashing are include. These show dates, amounts, and partial account numbers. Breach also exposed employee ID numbers linked to these transactions.
The breach also affected Money Mart employees and did not spare their personal data. The breach includes employee ID numbers, work emails, and employment history. Attackers also took start dates and termination details.
Everest’s Growing Threat
This attack is part of a worrying pattern. The Everest ransomware group is a growing force. Experts believe they have ties to Russia.
Their activity has been intense. They have claimed over 250 victims since 2023. In just the last twelve months, they have posted over 100 victims on their leak site. Their targets are increasingly diverse, showing a strategy of attacking critical sectors worldwide. Just as they’ve now hit the financial sector with Money Mart, they’ve previously targeted essential services like education, evidenced by their attack that leaked over 500 staff credentials from Ghanaian institutions.
They have recently targeted other major names. These include the activewear brand Under Armour and Brazilian petroleum giant Petrobras.
In October, they hit Collins Aerospace. That attack caused travel chaos across European airports.
The financially motivated group continues to evolve. Their attack on Money Mart shows they are actively targeting financial service providers. This puts a huge amount of consumer financial data at risk.
