Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to sell a database that they allege was stolen from Lunsj.no Norge AS, a Norwegian company. According to the seller’s post, the database contains approximately 67,000 records, comprising a mix of both customer and employee information. The sample data and table names provided (lu_address, lu_mail, lu_employee, lu_customer) suggest the presence of sensitive Personally Identifiable Information (PII) such as addresses, email addresses, phone numbers, and hashed user passwords.
This claim, if true, represents a significant data breach with a dual threat vector. A leak containing both customer and employee data allows criminals to launch external attacks against customers (such as phishing and fraud) while simultaneously enabling internal attacks against the company by targeting its employees with highly convincing spear-phishing campaigns. For a Norwegian company, a confirmed breach of this nature would constitute a major violation of the General Data Protection Regulation (GDPR), leading to mandatory regulatory reporting and the potential for substantial fines.
Key Cybersecurity Insights
This alleged data breach presents a critical and multifaceted threat:
- Dual Threat to Customers and Employees: The alleged leak of both customer and employee data creates two distinct but related risks. Criminals can use the customer data for widespread fraud and phishing, while the employee data provides a toolkit for targeted spear-phishing, social engineering, and potential insider threats.
- High Risk of Widespread Credential Stuffing: The presence of hashed passwords is a significant concern. Cybercriminals will use powerful tools to try to crack these hashes. Any successfully recovered email and password combinations will then be used in large-scale “credential stuffing” attacks against other websites, as users frequently reuse passwords across different services.
- Severe GDPR Compliance Implications: As a Norwegian company, Lunsj.no Norge AS is subject to the stringent requirements of GDPR. A confirmed breach of personal data, especially involving both customers and employees, would be a major compliance failure requiring notification to the Norwegian Data Protection Authority (Datatilsynet) and all affected individuals.
Mitigation Strategies
In response to this claim, Lunsj.no Norge AS must take immediate and decisive action:
- Launch an Immediate Investigation and Verification: The company’s highest priority must be to conduct an urgent forensic investigation to verify the authenticity of the claim, determine the scope of the breach, and identify how the attacker gained access to their systems.
- Mandate Password Resets and Enforce MFA for All Users: The company must enforce an immediate and mandatory password reset for all users associated with their systems, including both customers and employees. It is also critical to implement Multi-Factor Authentication (MFA) to provide an essential layer of security against account takeovers.
- Activate Incident Response and Prepare for Notification: If the breach is confirmed, the company must activate its incident response plan. This must include preparing a transparent communication strategy to notify all affected parties—customers, employees, and the Norwegian Data Protection Authority—in full compliance with GDPR requirements.
Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com