May 29, 2024 at 05:12PM
Cooler Master, a Taiwan-based computer hardware manufacturer, experienced a data breach when a threat actor claimed to have stolen 103 GB of data, including personal information of 500,000 Fanzone members. The breach involved corporate, vendor, sales, warranty, inventory, and HR data. Cooler Master’s customer support tickets and RMA requests were also compromised. BleepingComputer was unable to verify the credit card information theft.
Based on the meeting notes, the key takeaways are:
1. Cooler Master, a computer hardware manufacturer based in Taiwan, suffered a data breach where a threat actor claims to have stolen 103 GB of data, including information of 500,000 Fanzone members.
2. The stolen data includes cooler master corporate, vendor, sales, warranty, inventory and HR data, as well as personal information of fanzone members, such as name, address, date of birth, phone, email, and plain unencrypted credit card information.
3. The breach occurred through one of the company’s front-facing websites, allowing the threat actor to download various databases, including the one containing Fanzone information.
4. The threat actor attempted to contact Cooler Master for payment not to leak or sell the data, but Cooler Master did not respond.
5. Samples of stolen data in the form of CSV files containing customer support tickets and RMA requests have been shared, and BleepingComputer verified the correctness of the data for some customers.
6. BleepingComputer was unable to find evidence in the files that credit card information was stolen as claimed by the threat actor.
7. The threat actor intends to sell the stolen data in the future but has not yet determined the price.
8. Cooler Master did not respond to BleepingComputer’s attempts to contact them about the breach.
These takeaways capture the essential details of the data breach incident at Cooler Master.