A threat actor targeting Common Admission Test aspirants has struck again, leaking personal data and academic records of 190,000 candidates on a cybercrime forum. Credit: Getty Images The personally identifiable information (PII) and test results of 190,000 candidates for the 2020 Common Admission Test were leaked and put up for sale on a cybercrime forum, according to threat intelligence firm CloudSEK.The compromised data includes candidates’ names, dates of birth, email IDs, mobile numbers, and address information. In addition to this, the candidates’ 10th and 12th grade results, details of their bachelor’s degrees and their CAT percentile scores was also revealed in the leaked database.The CAT is the principal entrance exam for graduate management programs in the country and is undertaken by close to 200,000 candidates each year. The intensely competitive examination is the gateway for aspiring candidates to gain admission to the country’s 20 Indian Institutes of Management (IIMs).With the help of open-source intelligence, CloudSEK’s threat intelligence team was able to validate the compromised data and revealed that the database is from the CAT examination conducted on 29 November 2020. CAT burglar strikes againThe threat actor put up a post on 12 May advertising the sale of 190,000 CAT aspirants’ details on a dark web forum. The database comprised personal information and examination scores of nearly all candidates who appeared for the exam. Education website Shiksha reported that of the 227,000 registered candidates, 190,000 had appeared. According to CloudSEK, the threat actor joined the dark web forum in November 2018 and enjoys good standing in the hacker community. Based on the intelligence it received, the company said the threat actor exploited a vulnerability in the official CAT website to access the database.This isn’t the first time the perpetrator has targeted CAT. The 2019 CAT examination database was also leaked and put up for sale in September 2020. CloudSEK says it has discovered similar posts from the threat actor on other cybercrime portals on the dark web as well.With candidates’ personal information lose on the dark web, they could be targeted for phishing and identity theft. Furthermore, since the threat actor appears to have exploited vulnerabilities in the official CAT website (www.iimcat.ac.in) twice within a short span of time, attacks of this sort can reoccur if the website remains unpatched, CloudSEK’s security experts warned. Related content news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Malware Cybercrime news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach news Top cybersecurity product news of the week New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Cycode, and more. By CSO staff Nov 30, 2023 17 mins Generative AI Security feature How to maintain a solid cybersecurity posture during a natural disaster Fire, flood, eathquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst. By James Careless Nov 30, 2023 8 mins Security Operations Center Data and Information Security Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe