Personal data of employees from 1,000 firms compromised in Maxicare Healthcare hack

The personal information of employees across 1,000 firms has been compromised following a data breach at Maxicare Healthcare Corporation, confirmed by the National Privacy Commission (NPC). The NPC stated it received a breach notification report from Maxicare on June 16.

Cybersecurity experts from Deep Web Konek first reported the incident, attributing the breach to a hacker group known as OPCODE-90. The compromised data includes full names, email addresses, home addresses, requested procedures, Maxicare card numbers, account types, VIP statuses, and medical booking details.

The breach has significantly impacted over 1,000 companies that subscribe to Maxicare’s group insurance policy. High-profile organizations affected include Accenture, Cebu Air (operator of Cebu Pacific), AIA Philippines, Allianz PNB, and BPI AIA Life Assurance Corporation.

Details of Maxicare’s breach notification remain unpublished by the NPC. However, Deep Web Konek posted on June 18 that an email from Maxicare, dated June 16, informed a member about the unauthorized access to their data on June 13. The breach reportedly occurred through a third-party partner, Lab@Home.

Further, Deep Web Konek’s blog shared screenshots of an alleged online forum post where a user, identified as OPCODE-90, was selling 33.3 MB of Maxicare data. This data reportedly includes complete names, Maxicare card numbers, addresses, and requested procedures.