A threat actor is selling a dataset of records allegedly taken from Midas South Africa.
This dataset contains approximately 463,000 company records, including consumer, logistics, and sales data.
In a post on a hacker forum, the threat actor claimed the dataset provided a detailed breakdown of the retailer’s operations.
This data includes customer contact details, delivery addresses, and consumer sales orders for transactional tracking.
“The data is fresh and organised across three main sections, useful for research, analysis, or understanding the structure of South Africa’s relevant sector,” they said.
“It includes direct contact details, project descriptions, and funding amounts.”
The actors are demanding $1,100 (R18,050.95) in exchange for access to data.
TopAuto has examined the data, which appears to be legitimate. Our sister outlet MyBroadband has asked Midas about the alleged breach, but we have not received a response as of the time of publication.
DailyDarkWeb said the exposed data could also include invoice and payment status information, customer relationship management and account management metadata, and branch locations.
It added that the data could be organised around operational business workflows, making it a useful tool for financially interested parties planning to attack Midas.
This could include threat actors conducting invoice fraud, supply chain impersonation, business email compromise, and targeted phishing campaigns.
Furthermore, the logistics and sales metadata could give attackers insight into customer relationships, operational patterns, delivery infrastructure, and internal commercial processes.
Midas is one of South Africa’s largest automotive franchises, supplying tools, parts, spares, and accessories for a wide range of vehicles.
Loading ...
