leapstack.vn: Data Breach Approximately 100 GB of health insurance claims accidentally exposed

chum1ng0 · ~3 min read · April 2, 2026 (Updated: April 3, 2026)

Leapstack originated in China and was founded in 2016; in Vietnam it was in 2020.

Who is leapstack?

Leapstack.vn is the Vietnamese operation of a prominent Asian Insurtech firm. The company uses AI and Big Data to make health insurance processes smarter, faster, and more secure. Its core focus lies in fraud prevention, claims automation, and delivering a better experience for insurers and end users alike.

Finding the exposed data:

The exposed directory of leapstack.vn

In my investigations, this was found on February 9th; the server exposed 100GB of information from different customer claims from various insurance companies in Vietnam, as well as identity cards, in addition to exam files, etc.

Some companies that I identified that had folders on the server were: Bao Long Insurance, Bảo hiểm AAA, BHV HCM, BHV HO, BHV SÀI GÒN, BSH, BSH ĐÔNG ĐÔ, BSH ĐÔNG SÀI GÒN, BSH HÀ NỘI, GIC, etc.

Examining the exposed data

According to my records, the files were exposed from September 2025. The files exposed on this server were Leapstack ID cards and membership cards, as well as exam records, patient files, and payment notices from different insurance companies in Vietnam.

A payment notice, which exposes various personal details of the insured, was found on the exposed leapstack.vn server.

For example, this file of a Bảo hiểm AAA insured person who works at a chemical company called Công ty TNHH Brenntag Việt Nam was exposed on the leapstack.vn server among many others.
Notifying Leapstack

On February 9th, I notified leapstack.vn about the lack of security on this server and the fact that it contained insurance company files, but no one responded.

On February 18th, I notified the company again, this time naming each insurance company that had files on their server. I also told them they were being irresponsible with patients and that I was attaching this email to each insurance company, so all the companies on this server were notified. Unfortunately, none of them sent me a response.

On March 21st, the server stopped responding.

Did leapstack.vn realize their irresponsibility during those days? Or did the insurance companies see my email and notify leapstack? We'll never know.

Happy Easter!!!!!

You can find me at @chum1ng0

#cybersecurity #infosec #vietnam #healthcare #data-breach