Doxed ISIS Fighters, Leaked Complaints about Uber Rapes and 2.2M Cancer Patients Exposed to ID Theft

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches: 

ISIS Defector Doxes 22,000 Terrorists

Tens of thousands of extremists are named in files that were passed on to Sky News in a memory stick. The data was stolen from the head of Islamic State's internal security police, an organization described as the group's SS.

The individual had been entrusted to protect the organization’s core secrets and rarely parted with the drive.

The renegade who stole it is a Free Syrian Army convert to ISIS.

He claims the Islamic rules he believed in have totally collapsed inside the terrorist organization, prompting him to quit.

A Sky News reporter met him in a secret location in Turkey. Asked if the stolen files could bring the network down he nodded and said simply, "God willing.”

The documents, which are registration forms to join ISIS, cite names addresses, phone numbers and family contacts of jihadists.

The key revelation is the identification of a number of previously unknown members in the U.K., across northern Europe, much of the Middle East and North Africa, as well as in the United States and Canada.

"One of the files marked 'Martyrs' detailed a brigade manned entirely by fighters who wanted to carryout suicide attacks and were trained to do so," Sky News reports.

Customer Service Statistics on Uber Rapes Are Leaked

Internal screenshots provided to BuzzFeed by a former Uber customer service representative show the results of queries for the terms rape and sexual assault conducted on Uber’s customer support portal.

In one screenshot, a search for “sexual assault” returns 6,160 customer support tickets. A search for “rape” returns 5,827 individual tickets. Other variations of the terms yield similarly high returns: A search for “assaulted” shows 3,524 tickets, while “sexually assaulted” returns 382 results.

The ride-sharing firm says the data shown in the images is not an accurate representation of assault complaints.  

Uber officials told BuzzFeed that of the thousands of tickets returned for the keyword “rape,” five meet Uber’s standard of an actual incident.

Uber declined to further define this standard or disclose its methodology. (It’s worth noting these are incidents in its customer service system, not an accounting of all incidents. The number is neither comprehensive nor inclusive).

Uber says the company received 170 claims of sexual assault directly related to an Uber ride.

After Uber learned of BuzzFeed’s investigation, the company began contacting customer service representatives who had searched the database for the terms rape and sexual assault, apparently in a hunt for the leaker.

Additional screenshots detail the way Uber’s Incident Response Teams are instructed to handle customer support tickets, which range in severity from Level 1 to Level 4.

Nonconsensual sexual contact (or attempts to commit same) fall under Level 3, and are supposed to prompt an investigation.

Screenshots from Uber’s “Support Logic and Escalations” database section also show that customer service reps handling nonconsensual sexual contact cases should be mindful of media and law enforcement interest when deciding to escalate cases to higher-ranking employees. “Determine LE/media interest and have Comms/LERT monitor if risk confirmed,” one screenshot reads.

Payroll Bandits Strike Tech Firm Seagate

An employee at the data storage provider unknowingly handed off to a hacker the W-2 tax documents for all current and past employees. A fraudulent phishing email lured the staffer into sending the forms, which contain personal data valuable to identity thieves in the business of filing for bogus refunds.

Seagate spokesman Eric DeRitis said, “The information was sent by an employee who believed the phishing email was a legitimate internal company request.”

Asked via email how many former and current employees may have been impacted, DeRitis declined to be specific.

“We’re not giving that out publicly — only to federal law enforcement,” he said. “It’s accurate to say several thousand. But less 10,000 by a good amount.”

2.2 Million Cancer Patients at Risk of Identity Theft

The FBI on Nov. 13, 2015, informed 21st Century Oncology Holdings of a data theft, but asked the company to delay disclosing the incident so as not to interfere with a probe.

Private forensics investigators say the attackers might have penetrated the company's database in early October 2015.

The breached system contains personal information on some patients, including their names, social security numbers, physicians, diagnoses and treatment, as well as insurance data, the company said.

According to the health care provider, there is no indication medical records were compromised.