A threat actor targeting Common Admission Test aspirants has struck again, leaking personal data and academic records of 190,000 candidates on a cybercrime forum. Credit: Getty Images The personally identifiable information (PII) and test results of 190,000 candidates for the 2020 Common Admission Test were leaked and put up for sale on a cybercrime forum, according to threat intelligence firm CloudSEK.The compromised data includes candidates’ names, dates of birth, email IDs, mobile numbers, and address information. In addition to this, the candidates’ 10th and 12th grade results, details of their bachelor’s degrees and their CAT percentile scores was also revealed in the leaked database.The CAT is the principal entrance exam for graduate management programs in the country and is undertaken by close to 200,000 candidates each year. The intensely competitive examination is the gateway for aspiring candidates to gain admission to the country’s 20 Indian Institutes of Management (IIMs).With the help of open-source intelligence, CloudSEK’s threat intelligence team was able to validate the compromised data and revealed that the database is from the CAT examination conducted on 29 November 2020. CAT burglar strikes againThe threat actor put up a post on 12 May advertising the sale of 190,000 CAT aspirants’ details on a dark web forum. The database comprised personal information and examination scores of nearly all candidates who appeared for the exam. Education website Shiksha reported that of the 227,000 registered candidates, 190,000 had appeared. According to CloudSEK, the threat actor joined the dark web forum in November 2018 and enjoys good standing in the hacker community. Based on the intelligence it received, the company said the threat actor exploited a vulnerability in the official CAT website to access the database.This isn’t the first time the perpetrator has targeted CAT. The 2019 CAT examination database was also leaked and put up for sale in September 2020. CloudSEK says it has discovered similar posts from the threat actor on other cybercrime portals on the dark web as well.With candidates’ personal information lose on the dark web, they could be targeted for phishing and identity theft. Furthermore, since the threat actor appears to have exploited vulnerabilities in the official CAT website (www.iimcat.ac.in) twice within a short span of time, attacks of this sort can reoccur if the website remains unpatched, CloudSEK’s security experts warned. Related content news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Malware Cybercrime news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO CSO and CISO CSO and CISO news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe