{ "id": "ca8afd69-6587-4fe8-b3ef-f303c394c8a0", "created_at": "2026-04-09T02:24:05.602285Z", "updated_at": "2026-04-10T03:31:32.080507Z", "deleted_at": null, "sha1_hash": "592d3d6401dd9531e7cad328088fa107cfaaa0ae", "title": "Bits 'n Pieces (Trozos y Piezas) - DataBreaches.Net", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 330679, "plain_text": "Bits 'n Pieces (Trozos y Piezas) - DataBreaches.Net\r\nPublished: 2023-03-10 · Archived: 2026-04-09 02:00:18 UTC\r\nCL: BlackCat confirms attack on Fonasa\r\nDataBreaches recently reported a malware attack on Chile’s National Health Fund (FONASA). There is an update\r\nto report:\r\nIn a chat on Tox, BlackCat confirmed to DataBreaches that they are responsible for the attack and they say that\r\nthey will announce it soon on their leaks page. A spokesperson for the group told DataBreaches that they are not\r\ngiving Fonasa any more time to respond because they have not heard from them at all.\r\nAs partial proof of their claims, they provided this site with some files.  DataBreaches was shown a screenshot of\r\na directory of files as well as some correspondence with the names, addresses, and city of Fonasa health\r\nbeneficiaries.\r\nThe correspondence below is a letter concerning a co-pay for services for a beneficiary:\r\nhttps://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/\r\nPage 1 of 5\n\nFile provided by BlackCat, redacted By Databreaches.net.\r\nOther files provided to DataBreaches were from visit reports and included personal data of employees such as\r\nnames, IDs, and signatures.\r\nNeither Fonasa nor CSIRT have provided any more details about this incident since reporting on the steps and\r\nlegal action they initiated.\r\nPE: Dark Power claims attack on Peruvian reconstruction agency\r\nAutoridad para la Reconstrucción con Cambios (ARCC) is the Peruvian entity in charge of leading and\r\nimplementing the Integral Plan for Reconstruction with Changes (PIRCC) of all the physical infrastructure\r\ndamaged and destroyed by the El Niño Costero phenomenon in 13 regions of the country.\r\nThis institution was listed on or about March 9  on a leak site of a new group called Dark Power.  Unlike other\r\ngroups, Dark Power invites people to contact them on Tox to download files, but they were not online whenever\r\nDataBreaches attempted to contact them.\r\nhttps://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/\r\nPage 2 of 5\n\nOn March 9, DataBreaches sent an email to the RCC asking them about this incident. No reply was received.\r\nBecause there was no notice on their website or social media, DataBreaches also alerted Peru’s National Center\r\nfor Digital Security (CNSD) of the claimed attack and data offer. CNSD thanked DataBreaches for the\r\nnotification, writing, hey  “Thank you for the information provided, we will coordinate with the affected entity, to\r\nprovide attention to the reported security incident.”\r\nEC: Data on vaccinated Ecuadorians offered for sale (Disputed)\r\nA database called Covid-19 allegedly from the Ministry of Public Health in Ecuador has been listed for sale on a\r\npopular forum by KelvinSecurity.\r\nThe March 5 listing claims the database contains these data fields:\r\n Year_v Month_v Day V Hour V Vaccination Point Unicode Establishment Zone District Province\r\nCanton Surnames Names Type Identification Number Document Sex Year Nac Month Nac Day Nac\r\nNationality Conventional Telephone Cellular Telephone Email Population Vaccinate Vaccination Phase\r\nName Vaccine Lot Dose Applied Was Scheduled Vaccinator Ced Vaccinator Name Enterer ID Enterer\r\nHad Covid Ethnic Self-identification Ethnic Nationality Kichwa Peoples Risk Group Exterior Vaccine\r\nExterior Lot Exterior Dose Exterior Vaccine Date Exterior Country.\r\nIn a March 6 announcement on Twitter, the Ministry of Public Health of Ecuador appeared to deny any breach\r\n(translation):\r\nhttps://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/\r\nPage 3 of 5\n\nMSP confirms that there is no vulnerability to its computer systems\r\nThe Ministry of Public Health (MSP) informs that, in relation to the publications generated on social\r\nnetworks about an alleged leak of the institution’s database, there is NO violation of its computer\r\nsystems and, therefore, the information that is hosted on The technological infrastructure is protected in\r\naccordance with governmental and international regulations and the industry’s own computer protocols.\r\nWe urge citizens not to be deceived with the delivery of information. The illegal disclosure of databases\r\nis sanctioned by the Comprehensive Organic Penal Code (COIP) as well as by the Organic Law for the\r\nProtection of Personal Data that regulates the confidentiality of data and that they are used for the\r\npurposes for which they were created.\r\nThis State portfolio maintains in force the strategies and mechanisms that guarantee the confidentiality,\r\nintegrity and availability of information in strict adherence to the law.\r\nGovernment of Ecuador\r\nGuillermo lasso PRESIDENT\r\nSo where does the government believe the data came from? Are they suggesting the data is fake?  DataBreaches\r\nfound real names associated with RUC in the sample data provided by KelvinSecurity but did not contact anyone\r\nto ask about their vaccination status.\r\nDataBreaches also reached out to KelvinSecurity to ask for their response to the government’s denial or for more\r\ninformation about how they acquired the data. They responded, “it is better that they continue to believe that than\r\nif I can negotiate the sale of the files.”\r\nCO: Sensitive and exposed data from  ICETEX\r\nICETEX is a Colombian entity that promotes higher education and facilitates access to educational opportunities\r\noffered by the international community to improve the quality of life of Colombians.\r\nAn Icetex user who discovered a bug that exposes people’s data reported it to Icetex, but got no response. The user\r\nthen reported the bug to muchohacker.lol to call attention to the problem and Icetex’s failure to address it. \r\n MuchoHacker.lol investigated the claimed vulnerability and reported:\r\n“MuchoHacker.lol verified that the warning is true and without any kind of technical or ‘hacked’\r\nknowledge was able to access more than 10 documents with private and sensitive information such as\r\nID, letters of recommendation from a person with the last name Figueroa are online. There You can read\r\nyour personal data as well as the information of those who confirm that the Icetex user has been doing\r\ncultural work in the town of Suba, as well as Datacredito statements, letters from international\r\nuniversities, among others, which are just a click away. “\r\nAccording to the user who discovered the problem, there are 104,747 documents online without any type of\r\nprotection. Icetex responded by saying they were going to address the problem. It is not known for how long these\r\ndata have been improperly secured or whether the data have been accessed by criminals.\r\nhttps://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/\r\nPage 4 of 5\n\nEdited by Dissent.\r\nSource: https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/\r\nhttps://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.databreaches.net/bits-n-pieces-trozos-y-piezas-31/" ], "report_names": [ "bits-n-pieces-trozos-y-piezas-31" ], "threat_actors": [ { "id": "63f532e6-4b4a-4f17-bbff-8517f0dd1868", "created_at": "2024-01-09T02:00:04.192588Z", "updated_at": "2026-04-10T02:00:03.507424Z", "deleted_at": null, "main_name": "KelvinSecurity", "aliases": [], "source_name": "MISPGALAXY:KelvinSecurity", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775701445, "ts_updated_at": 1775791892, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/592d3d6401dd9531e7cad328088fa107cfaaa0ae.pdf", "text": "https://archive.orkl.eu/592d3d6401dd9531e7cad328088fa107cfaaa0ae.txt", "img": "https://archive.orkl.eu/592d3d6401dd9531e7cad328088fa107cfaaa0ae.jpg" } }