Details are emerging of a ransomware attack on the Scottish Environmental Protection Agency (SEPA) in which 1.2GB of confidential data was encrypted on Christmas Eve. The attack has left SEPA unable to access most of its systems, including email, and has impacted essential service provision such as flood alerts for Storm Christoph.

As SEPA stated they would not be paying the ransom, the thieves have begun posting thousands of confidential stolen documents online including business information, personal staff information, and enforcement notices.

Last month a similar attack on UK company The People’s Energy allowed hackers to ransack its entire database, including the names, addresses, dates of birth and phone numbers of all 270,000 customers and the bank account details of business customers.

While most of those affected are unlikely to face any direct financial risk, having their data stolen leaves them more vulnerable to phishing attacks and can also leave their employer more vulnerable to attacks from hackers.

While the focus of data breaches is often on the mistakes the company may have made with its cybersecurity and on punishing it, less thought is given to its clients' details, which remain forever available on the Dark Web for any hacker to use for identity theft and Business Email Compromise.

Request your 100% Confidential Dark Web Report and Action Plan at

Ransomware Pivots To Data Leakage

The last year has been significant in many ways, and for corporate data breaches this has included the rise of data exfiltration combined with ransomware, where hackers threaten that if payment is not made, the stolen information is liable to appear on hacker sites on the Dark Web.

Up to 350,000 customers, business partners, and other employees of gaming giant CAPCOM risk having their personal information (name, address, birthday, phone number and email) posted on the Dark Web.

A data dump following a ransomware attack on Hackney Council contains a significant amount of Personally Identifiable Information (PII) including passport data, scans of tenancy documents, staff data, and information on community safety.

A database containing 8.3 million user records stolen from leading stock photo site 123rf appeared on Dark Web sites in Nov 2020, including users' full names, email addresses, MD5 hashed passwords, company names, phone numbers, addresses, PayPal emails if used, and IP addresses. While the passwords were hashed, online MD5 cracking tools could easily retrieve the plain-text passwords.

Highly popular collaboration and editing provider Nitro PDF had 1TB of documents exfiltrated from their cloud service in Oct 2020. Nitro PDF is used by tens of thousands of business customers, including the likes of Google, Apple, Microsoft, Case and Citibank, and 1.8m licensed users.

What Came Before

You cannot discount the continuing effects of past mega data breaches, including:

  • Drizly – Jul 2020 – Online alcohol delivery firm Drizly was hit by a data breach where the hacker took customer email addresses, hashed passwords, dates of birth, phone numbers, IP addresses, and in some cases, delivery addresses from 2.5M accounts.
  • LiveAuctioneers – Jul 2020 – A breach at one of their “data processing providers” left the personal data of 3.4M users exposed, including names, email addresses, mailing addresses, phone numbers and cracked passwords.
  • Covve – May 2020 – Business relationship management (aka address book) app Covve left an unprotected database containing the names, job titles, email addresses, phone numbers, and addresses of 23 million individuals, which are now readily available on the Dark Web.
  • Mathway – Jan 2020 – The useful maths solving utility Mathway had 25 million email addresses and salted passwords of users stolen by hacking group Shiny Hunters in Jan 2020, though the breach was not investigated for 5 months.
  • Zynga – Sep 2019 – Data belonging to 173m users of online game company Zynga, affecting players of Draw Something and Words With Friends, may have been accessed, such as email addresses, usernames, passwords and more.
  • Cafepress – Feb 2019 – custom merchandise company – over 23 million records including unique email addresses, names, physical addresses, phone numbers, and passwords.
  • Houzz – Jan 2019 – Interior decorating website Houzz issued a notice that user data – including usernames, passwords and IP addresses – had been accessed by an “unauthorized third party.”
  • Canva – May 2019 – Popular graphics design tool website Canva suffered an attack that exposed emails, names, addresses, passwords, and Google OAuth tokens of 137 million users.
  • Zynga – Sep 2019 – 218 million user accounts for the players of games such as Farmville and Words with Friends had their emails, passwords and phone numbers exposed.
  • Apollo – Aug 2018 – Sales intelligence (data aggregator) firm Apollo left a "staggering amount" of data exposed online, including 125 million email addresses and nine billion data points.
  • My Fitness Pal – Feb 2018 – The 150 million users of the Under Armour-owned exercise encouraging app had their email addresses, IP addresses and passwords released on the Dark Web.
  • Ashley Madison – 2015 – A group calling itself “The Impact Team” stole the user data of this extramarital affairs site, and released more than 60 gigabytes including names, home addresses, search history and credit card transaction records.
  • LinkedIn – 2012 & 2016 – Some 165 million professional social networkers had their email addresses and passwords stolen by attackers and posted onto a Russian hacker forum.
  • Adobe – Oct 2013 – Hackers stole 153 million Adobe user records including nearly 3 million encrypted customer credit card records.

Your Employees' Credentials Have Been Compromised – Now What?

The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed.

Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data.

IT Genie offer businesses a free Dark Web scan to highlight your employees' credentials available on the Dark Web and provide a custom corrective action plan for your business, allowing you to adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward.

Gain Peace of Mind with Our 100% Confidential Dark Web Reports – Request your free Dark Web report and Action Plan at, by phone on 0345 0945 353 or email