We got a potential buyer

Someone reached out about the Aurora data we have. Seems they might be interested in buying a patient’s credit card info.

Who’s the buyer? And how much? Is it just one record?

It’s some dude on the dark web. Apparently he knows one of the patients in the data breach - some guy who probably won’t even realize his cc is being used. He offered 0.0033 BTC.

Oh nice! Have there been any other interested buyers?

Oh nice! Have there been any other interested buyers?

A few nibbles but we haven’t exactly advertised it well yet

Nah tell him it’s 0.01 BTC. I’m sure he’ll get more than that from the victim’s credit card.

I’ll let him know! I told him to put this SHA1 hash in the notes of the transaction so we have a record of what was sold: 911d1fc5930fa5025dbc2d3953c94de9e4773584

Awesome. How are you coming up with that SHA1? The patient_id?

No I’m actually including almost the full billing and patient data. I’m just concatenating the following:

  • card number
  • expiration
  • CCV
  • patient_id
  • patient first name
  • patient last name
  • patient middle initial
  • patient sex
  • patient email
  • patient address (street, city, state, zip)
  • patient dob

You’re not delimiting it with anything?

No I couldn’t get the SQL to output right when I tried lol

That’s good, that way we can match up each individual record sale with the hash. We probably need to find a better way for people that want to buy bulk sets of records though.