Dark Web News Analysis
The dark web news reports a massive data breach involving MAKS-M JSC (MAKC-M), one of the largest companies in the Russian compulsory health insurance (OMC) market. A threat actor has released a database allegedly containing over 10.8 million records (approx. 22GB in SQL format) dating back to 2018.
Although the dataset is several years old, the volume is staggering. It reportedly affects a significant portion of the nearly 20 million citizens insured by the company. The data is stored in SQL format, suggesting a direct dump from a backend server. The exposed fields likely include personal identifiers, insurance policy numbers, and administrative health records.
Key Cybersecurity Insights
Breaches of health insurance providers are uniquely damaging because medical data is immutable and highly sensitive:
- Medical Identity Theft: Unlike credit card numbers, you cannot easily change your medical history or insurance policy number. Attackers can use this “static” data to file fraudulent claims, obtain prescription drugs illegally, or access medical services under a victim’s name, potentially corrupting the victim’s genuine health records with false information.
- The “Legacy Data” Trap: The fact that the data is from 2018 does not make it harmless. Personal identifiers like Full Names, Dates of Birth, and Passport Details rarely change. Attackers specifically seek out these older, massive databases to build “Fullz” (full profiles) on targets by cross-referencing them with newer leaks (like delivery or retail breaches).
- Targeted Phishing (Social Engineering): The database likely identifies which citizens use MAKS-M. Scammers can call victims posing as insurer representatives: “We are updating our 2018 archives and need to verify your policy number to ensure continued coverage.” Knowing the victim’s specific provider makes such a call seem trustworthy.
- SQL Injection Vulnerability: A dataset distributed as a .sql dump typically points to either SQL Injection (SQLi) or a compromised database backup as the means of access. This suggests that, although the data is old, the weakness that allowed access may have been present for years.
Mitigation Strategies
To protect personal privacy and prevent fraud, the following strategies are recommended:
- Phishing Awareness: Insured individuals should be skeptical of any unsolicited calls claiming to be from MAKS-M, especially those referencing “archived data” or “policy renewals” from previous years.
- Medical Record Review: Users should check their medical history statements on the Gosuslugi portal (State Services) to ensure no unauthorized medical services have been billed to their OMC policy.
- Data Retention Audit: Organizations must review their data retention policies. Storing 10.8 million records from 2018 in an accessible, online environment increases risk. Old data should be encrypted, archived offline, or deleted if no longer legally required.
- Credential Rotation: If employees or users had online accounts with MAKS-M in 2018, they should change those passwords immediately to prevent credential stuffing.
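The Data Retention Audit above is the one recommendation that can be turned into a routine control. The following is an added illustration, not code from the original post or from MAKS-M: a small sqlite3 script that finds live records older than an assumed five-year retention window, copies them to a separate archive table (standing in for an encrypted offline export) and deletes them from the live table in one transaction. The `policies` table layout, the retention period and the sample rows are all constructed assumptions.

```python
import sqlite3
from datetime import date

RETENTION_YEARS = 5  # assumed retention window; set it from the legal requirement


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data: a few policy records with issue dates (ISO 8601)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE policies (id INTEGER PRIMARY KEY, full_name TEXT, "
        "policy_no TEXT, issued_on TEXT)"
    )
    rows = [
        (1, "Sample Person A", "POL-0001", "2018-03-01"),
        (2, "Sample Person B", "POL-0002", "2018-11-15"),
        (3, "Sample Person C", "POL-0003", "2023-06-30"),
        (4, "Sample Person D", "POL-0004", "2025-01-10"),
    ]
    conn.executemany("INSERT INTO policies VALUES (?, ?, ?, ?)", rows)
    return conn


def retention_audit(conn, today=date(2025, 6, 1), years=RETENTION_YEARS):
    """Return ids of live records issued before the retention cutoff.

    ISO dates compare correctly as strings; the cutoff is bound as a
    parameter rather than formatted into the query."""
    cutoff = today.replace(year=today.year - years).isoformat()
    cur = conn.execute("SELECT id FROM policies WHERE issued_on < ?", (cutoff,))
    return [row[0] for row in cur.fetchall()]


def archive_and_purge(conn, stale_ids):
    """Copy stale rows to an archive table (stand-in for an encrypted offline
    export) and delete them from the live table in a single transaction.
    Returns (live_count, archived_count)."""
    conn.execute("CREATE TABLE IF NOT EXISTS policies_archive AS "
                 "SELECT * FROM policies WHERE 0")
    if stale_ids:
        marks = ",".join("?" * len(stale_ids))  # only '?' placeholders, never data
        with conn:  # commit both statements together, or roll both back
            conn.execute(f"INSERT INTO policies_archive SELECT * FROM policies "
                         f"WHERE id IN ({marks})", stale_ids)
            conn.execute(f"DELETE FROM policies WHERE id IN ({marks})", stale_ids)
    live = conn.execute("SELECT COUNT(*) FROM policies").fetchone()[0]
    archived = conn.execute("SELECT COUNT(*) FROM policies_archive").fetchone()[0]
    return live, archived
```

In a real deployment the archive step would write to an encrypted, access-controlled store rather than another table in the same database, and the audit would be scheduled rather than run ad hoc.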
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com