The Israeli insurance company Shirbit and the National Cyber Directorate are investigating a potential cyber attack on the company's website and servers that saw customers' personal details leaked online.
A short while after the company's website crashed due to the alleged attack on Monday, an unknown hacker group calling itself Black Shadow took responsibility on Twitter.
“A huge cyberattack has taken been [sic] place by Black Shadow team. There has been a massive attack on the network infrastructure of Shirbit Company , which is in israel [sic] economic sphere” tweeted the group, while tagging several major media outlets around the world including the BBC, Reuters and CNN. The Black Shadow account was later suspended by Twitter.
The group released personal documents such as ID numbers and drivers licenses and addresses that were allegedly stolen from Shirbit's systems - including that of a senior judge, although authorities claim information about customers’ credit cards was not leaked.
The company and directorate's biggest worry lies in the fact that Shirbit was awarded the tender to provide car insurance for state employees several years in a row, meaning that the company holds vast amount of information on civil servants that may have now been compromised.
According to cyber experts, this is the same group behind a thwarted attack on Israel's major defense corporations a few months ago.
The Capital Market, Insurance and Savings Authority, which supervises insurance and pension funds in Israel, said: "An initial inspection shows that the information leaked was customers' insurance details… The inspection is currently continuing.”
Omri Segev Moyal, a cyber expert from cybersecurity firm Profero, said: "Israel is a preferred target for 'hacktivists', especially Islamists. We see such attacks on a regular basis… Due to the escalation with Iran, there is a real possibility they are behind the attack and are hiding behind the activist group instead of being officially exposed."
Einat Meyron, an expert in preparing for and handling cyber strikes in businesses said: "The [leaked] documents indicate the scale and depth of the hack. As everyone knows, Shirbit won the car insurance tender for state employees, so the incident is troubling for many. The fact that they gained access to much extensive information indicates a continuum of failures, lack of control and poor management. "
Dr. Harel Menashri, one of the founders of the Shin Bet security service’s cyber directorate and the current head of cyber at Holon Institute of Technology, said the attack is most troubling.
"We should remember that Shirbit had the tender for civil servants," said Menashri. "The thing now is to do damage control [as] these people - including civil servants and the senior judge - may be exposed to coercion, extortion and even surveillance.”