KelvinSecurity Hacking Group Dumps 8GB Database from CMS.gov – Millions of Records Exposed

A hacking group called KelvinSecurity has recently leaked an 8 GB database that the group claims came from CMS.gov, the US Government’s Center for Medicare & Medicaid Services. RestorePrivacy analyzed the data and confirmed it contains millions of records, all of which appear to be valid, exposing healthcare providers registered in the CMS.gov system.

Earlier this week, KelvinSecurity, a prolific hacking group that frequently dumps databases on hacking forums, posted a new high-profile target: CMS.gov.

The website CMS.gov belongs to the US Government’s Center for Medicare and Medicaid Services (CMS). CMS is a US federal agency that falls under the US Department of Health and Human Services (HHS).

The CMS.gov database was fully dumped on July 6th of this week on Breached Forums, which is the same forum that gained international notoriety for hosting the massive Chinese data breach just a few days earlier.

Unlike some other posts we have observed from KelvinSecurity, this database was released in full for free. The reason for this is most likely because government entities rarely pay cybercrime organizations to have their data deleted. With no profit to be gained, the group posted up the 8 GB database for free on Breached Forums.

You can see in the post above that the exploit was carried out on a MongoDB database, which we will discuss more below.

At the bottom of the post on the hacker forum is a direct link to the database, which is currently free for anyone to

Read more

Explore the site

More from the blog

Latest News