Simplicia.co Breach Exposes 152,000 Employee Records

Company Overview

Simplicia.co is a cloud-based electronic transaction management tools provider, primarily catering to legal professionals. The company specializes in offering solutions that streamline financial operations and transaction handling for law firms.

2. Breach Details

• Date of Breach: September 2023
• Threat Actor: IntelBroker (Administrator of BreachForums)
• Breach Forum Post: On September 3, 2023, a post was made by the user IntelBroker on BreachForums, announcing the leak of the Simplicia.co database.
• Data Compromised: A total of 152,000 employees' data was exposed.
• Exposed Information:
  • Personal Identifiers: Employee IDs, employee NIRs (French social security numbers), last names, first names, and insurance codes.
  • Employment Details: Start and end dates, client and company identifiers, leave details (type, description, dates), absence days, reimbursement amounts, and other financial data.

3. Threat Actor Profile

IntelBroker is a known administrator on BreachForums, a notorious platform for sharing and trading stolen databases. Active since June 2023, this user has a reputation for facilitating the distribution of sensitive data breaches.

4. Impact Analysis

• Scope: The breach affects 152,000 employees, likely resulting in significant privacy violations.
• Risk: The exposed information, especially social security numbers and financial data, puts affected individuals at high risk of identity theft, fraud, and targeted phishing attacks.
• Legal Consequences: Given the nature of the exposed data, Simplicia.co may face severe penalties under GDPR and other data protection regulations, particularly since the data involves sensitive personal and financial information.