This week’s Cyber Intelligence House – Leak of the Week highlights a breach involving Symposia Organizzazione Congressi S.R.L. (symposiacongressi.com), an Italian events and congress organizer serving healthcare and corporate clients.
In October 2023, the organization was listed on the Medusa ransomware leak site; the same dataset has since circulated and was shared on a private Telegram channel known as “Nth Database.” The archive analyzed contains 37,049 files and 3,993 folders, totaling 48.3 GB. File types observed include PDF (24,276), DOC/DOCX (3,629), TXT (2,470), JPG/JPEG (2,229), XLS/XLSX (2,219), PPT/PPTX (616), XML (112), CSV (46), and PNG (40).

Analysis shows the materials are predominantly event operations and healthcare-education records, identity documents, financial records, and credential spreadsheets—a mix exposing personal data of attendees/speakers and operational data of the organizer.

Sensitive files identified:
– AIAC-FVG_10.06.22_lista ECM con user e password.xlsx
– MCLC2022_Lista ECM con user e password.xlsx
– Passaporto Petronio.pdf
– Carta Identità Chiara Durand scad. 2031.pdf
– Symposia bank details.pdf

No threat actor claim accompanies this Telegram repost. For context, Medusa publicly listed Symposia as a victim on October 16, 2023.

Implications
For Individuals:
1. Identity theft risks from passports and ID cards leading to fraudulent KYC, SIM swaps, or travel document abuse.
2. Account takeover from spreadsheets containing usernames/passwords for ECM or portals.
3. Financial fraud & doxxing using leaked bank details and professional contacts.

For Symposia Organizzazione Congressi S.R.L.:
1. GDPR exposure due to processing of identifiable attendee/physician data.
2. Operational disruption from compromised learning/event portals and workflow integrity issues.
3. Financial and reputational harm from leaked bank details and contractual documents.

Supply Chain Risks: The dataset includes sponsor agreements, hotel/venue invoices, and attendee lists, suggesting exposure of partners, vendors, and venues. MSSPs should expect downstream phishing against these entities using event-themed lures.

Cyber Intelligence House’s Recommendations:
– Contain & harden: Invalidate exposed credentials, enforce 2FA, and rotate secrets.
– Data minimization: Remove ID document copies from shared storage; restrict access; encrypt archives.
– Third-party notifications: Alert impacted attendees, speakers, and vendors; initiate takedowns of reposted leaks.
– Email security: Strengthen DMARC/DKIM/SPF, deploy brand impersonation defenses, and train users against targeted lures.
– Legal/regulatory: Conduct GDPR breach assessment and prepare required notifications.
– Monitoring: Maintain dark-web/Telegram surveillance on Nth Database and derivative channels for further distribution and credential abuse.
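
To support the data minimization recommendation above, the following added example (not part of the original report) audits an organization's own shared storage for file names of the kinds flagged in this leak: credential lists, identity documents and bank details. The rule set, keywords and function names are assumptions chosen for illustration, and the sample names are constructed.

```python
import os
import re
import unicodedata

# Assumed rule set: keywords modelled on the kinds of file names listed under
# "Sensitive files identified" (Italian and English terms); extend as needed.
RULES = {
    "credential_list": re.compile(r"\b(password|passwords|pwd|credenziali|credentials)\b"),
    "identity_document": re.compile(
        r"\b(passaporto|passport|carta (d )?identita|patente|codice fiscale)\b"),
    "bank_details": re.compile(r"\b(bank details|iban|coordinate bancarie)\b"),
}

def normalize(name):
    """Lower-case, strip accents, and collapse separators to single spaces."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[\s_\-.'’]+", " ", text.lower()).strip()

def classify(name):
    """Return the sorted list of rule categories a file name matches."""
    cleaned = normalize(name)
    return sorted(cat for cat, rx in RULES.items() if rx.search(cleaned))

def audit_tree(root):
    """Walk a share and return (relative path, categories) for flagged files."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            cats = classify(name)
            if cats:
                hits.append((os.path.relpath(os.path.join(folder, name), root), cats))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample names, not taken from the leaked archive.
    samples = [
        "EVENT2022_lista ECM con user e password.xlsx",
        "Carta Identità Mario Rossi scad. 2030.pdf",
        "Passaporto Rossi.pdf",
        "ACME bank details.pdf",
        "programma congresso.pdf",
    ]
    for s in samples:
        print(f"{s!r}: {classify(s) or 'ok'}")
```

File-name matching only surfaces candidates for review; documents with neutral names still need content inspection or DLP tooling.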