Hack Notice

Hack Notice: FRESH BREACH: Refocus AI, Unique Computing, Gennet.ai -- Insurance Policyholder Data


Source
https://darkforums.su/Thread-FRESH-BREACH-Refocus-AI-Unique-Computing-Gennet-ai-Insurance-Policyholder-Data
Description
Company allegedly hacked, as reported by DarkForums, with details:

Unique Computing LLC / Gennet.AI / ReFocus AI -- One AWS account. Three companies. Zero boundaries.

Unique Computing LLC is an 11-person AI consulting firm headquartered at 5680 King Centre Dr, Suite 600, Alexandria, Virginia. Its CEO, Nisar Hundewale, Ph.D., simultaneously operates two product lines under different trademark names: Gennet.AI, a healthcare clinical documentation platform claiming 50+ clinic integrations, and Hundewale is CEO. ReFocus AI, an insurance churn prediction platform serving 11+ named insurance agency clients. Hundewale is Co-Founder/CDO. We gained access via CVE-2025-55182 on an unpatched internet-facing host. The ECS credentials extracted from it gave us access to 57 S3 buckets and the AWS Secrets Manager. We exfiltrated the lot.

What We Found

57 buckets. 23000+ policyholders. $797 million in insured premiums. A single AWS account.

Insurance Policyholder Data -- The Data You Are Not Supposed to Let Walk Out the Door

ReFocus AI's business model tells insurance companies Unfortunately for those companies, they did exactly that, expecting it would be kept safe.

Patriotic Insurance -- complete HawkSoft office management system export: 9977842 rows across 1774 CSV files representing 1249 unique policyholders with: full names, dates of birth, home addresses; driver licence numbers, phone numbers, email addresses; vehicle identification numbers, complete policy histories, claims data, billing records; employer names, income brackets, occupations. [...] We can go on. There are 1249 of them.

Alliance Insurance Services -- Complete Salesforce policy management export: 96624 rows containing 21761 unique named insureds, 12739 phone numbers, 29186 addresses, 43928 policy numbers and $191144873.09 in total insured premium across 27 states. 727 FEIN/SSN values, 26 of which match individual Social Security number format. [...] Twenty-one thousand seven hundred and sixty-one more where those came from. Alliance's book of business includes personal auto, homeowners, commercial packages, workers' compensation, 7231 individual medical policies and 1431 Medicare Advantage plans. The complete client list of a full-service independent insurance agency, spanning from Mount Airy Country Club to Children's Center of Surry Inc.

Ohio Mutual Insurance Group -- 596155 policy records covering 579 insurance agents across 7 states with $605702493 in aggregate premiums. This is not an agency -- this is a regional insurance carrier's complete auto insurance portfolio. The data includes the entire agent distribution network: DealerPolicy Insurance Agency, NFP Property & Casualty Services, James L. Sanor Insurance Agency, Allenbaugh Insurance Agency and 575 others.

Combined insurance premium data: $796847366.

The AI Platform

Gennet.AI claims 50+ clinic integrations. What we found was a ChromaDB vector database containing a single synthetic patient record and 28 backup copies of a users.json file with one account: username, password, a UUID. The h2oGPT-based LLM infrastructure is real enough, but the claim is, shall we say, aspirational. It's clearly in its early stages. The Databricks workspace contains biotech cell imaging data, CycleGAN voice cloning models and the insurance churn prediction pipeline -- all in the same workspace.

Healthcare AI, insurance analytics, pharmaceutical research, voice cloning and a Pakistani Pre-K curriculum platform, all sharing one AWS account with one set of credentials.

Personal Gmail as Infrastructure

The S3 bucket storing all 9 insurance client churn models is named abubakaryagob-gmail-com. The developer workspace bucket is hi-blacksuan19-dev, matching the GitHub handle of Abubakar Omer Yagoub, Senior Data Scientist at Unique Computing LLC since May 2022. His personal Gmail appears in filenames across 650+ data files spanning August 2022 through December 2024. The duaa.org educational nonprofit buckets on the same AWS account are explained by Yagoub's attendance at International Islamic University Malaysia. Personal projects, professional work, client data and nonprofit educational content -- all in one account, all behind one set of credentials.

Where Responsibility Lies

This is where it gets interesting. It took us a bit to sort through this to hit the truth. Nisar Hundewale runs Unique Computing LLC. He is simultaneously CEO of Gennet.AI and was Co-Founder/CDO of ReFocus AI. Same phone number across all entities. Same AWS account. Same personnel. ReFocus AI has a separate CEO, Colby Royal Tunick, and separate funding. They pitched at TechCrunch Disrupt 2024. They appear to have believed they were working with a legitimate technology partner, not sharing an AWS account with a developer's personal Gmail bucket and a voice cloning side project.

When we contacted the relevant parties, Hundewale's reaction was silence. Unique Computing LLC -- the parent entity, his company -- went dark. ReFocus AI, to their credit, engaged with us honestly. They told us they could not pay because they were unable to confirm whether their data had been accessed by other parties, because Unique Computing was not sharing infrastructure logs with them. They were in essence left holding the bag by their own technical partner and former CDO of their company.

We respect that ReFocus was straightforward with us. They did not stick their heads in the sand and ghost. They did not file a meaningless injunction. They told us their perspective clearly and we told them we would attempt to be fair when we made this post. But let us be clear about where responsibility lies. Unique Computing LLC is not a It is in essence the parent entity. The AWS account belongs to Unique Computing. The unpatched React servers belong to Unique Computing. The decision to store 11 insurance agencies' complete policyholder databases in S3 buckets named after a developer's personal email address -- that was Unique Computing's architecture, if you can even use the term for something so sloppy. The failure to patch CVE-2025-55182 for months after a patch was available -- that was Unique Computing's negligence. Leaving the server unpatched for days after they learned about the breach and ongoing vulnerability -- that is Unique Computing's uniquely incompetent incident response.

The Data

Insurance Policyholder Data:
hawksoft-patriotic -- complete HawkSoft office management system export for Patriotic Insurance: 1774 CSV files, 9977842 rows, 1249 unique policyholders with full names, dates of birth, driver licence numbers, home addresses, phone numbers, 864 email addresses, 1305 vehicle identification numbers, complete policy histories, claims records and billing data
refocus-ai/alliance -- Complete Salesforce policy management export for Alliance Insurance Services: 96624 rows, 21761 unique named insureds, 12739 phone numbers, 29186 addresses, 43928 policy numbers, 727 FEIN/SSN values, $191144873 in total insured premium across 27 states -- including 7231 individual medical policies and 1431 Medicare Advantage plans
lambda-input-0/Refocus_auto_082421.csv -- Complete auto insurance portfolio from Ohio Mutual Insurance Group: 596155 rows, 579 insurance agents across 7 states, $605702493 in aggregate premiums

ReFocus AI Proprietary ML Pipeline:
abubakaryagob-gmail-com/ -- All 11 client churn prediction models: trained scikit-learn model artifacts, client configuration YAMLs, EDA reports, preprocessed data, raw predictions, 330+ timestamped run configurations
churn-pretrained-models/ -- Production model artifacts
churn-processors/ -- Feature engineering and data processing pipelines
lambda-input-0/ -- 713 data intake files spanning November 2021 through December 2024, with filenames revealing which developer uploaded which client's data and when

Gennet.AI Clinical Platform:
apps.gennet.ai-us-east-1 -- Production application: ChromaDB vector database, h2oGPT LLM infrastructure, user authentication
gen-ai-models -- LLM configurations, clinical question classification datasets, expert QA evaluation data
gennetbucket -- Website assets and team photos
h2ogpt -- 988 MB h2oGPT model archive

Databricks Biotech and Voice Cloning:
db-f33843ce59d6add2dee4e8aa26b84083-s3-root-bucket -- Databricks workspace: cell imaging fingerprint analysis, ML model artifacts, 6 analysis runs attributed to Nisar Hundewale and Sampada Koranne
voicecloningmask -- MaskCycleGAN-VC voice conversion models, trained female and male speaker pairs

AWS Infrastructure and Internal Communications:
vantage-cur-* -- 7 months of AWS billing and cost usage reports
mail-files-east/ mail-files-i/ email-attchs/ -- WorkMail archive: 15 email messages with attachments linking Hundewale and Yagoub to both Gennet.AI and ReFocus AI data on the same day
my-salesforce-s3/ mule-sftp-s3/ -- Salesforce CRM and MuleSoft SFTP integration

Personal Developer Buckets:
hi-blacksuan19-dev -- Abubakar Yagoub's personal dev workspace
my-sm-dev-upload-bucket-fatima/ -- Personal SageMaker bucket
my-price-prediction -- Personal ML project
aave-transformer-tensors -- DeFi/blockchain transformer experiment

Duaa.org -- and Why We Are Including It:
duaa.org -- Pre-K educational videos, website images, audio
duaa-curriculum -- AI-generated lesson plans, slide presentations and teacher narration audio
duaa-public-curriculum -- Published curriculum with rendered slides and metadata

We verified that the Duaa.org data contains no children's PII -- no pupil names, no enrollment records, no photographs of real children. It is curriculum content: lesson plans, cartoon mascots, AI-generated narration. We are including it for one reason only: to
