Menu
Browse

Cyber Threat Actor: Lifelock

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

The threat actor referenced in the source material has not been publicly identified by an alias or any known moniker, and the article does not attribute the activity to a specific criminal group, state sponsor, or hacker collective. The actor is described only as an individual or group that claimed responsibility for compromising the computer systems of a medical practice located in Holland, Michigan, in June 2016. No further biographical details, affiliations, or prior operations are disclosed in the source material, so the actor remains unidentified in open‑source reporting.

The actor’s targeting, as described in the article, was limited to a single healthcare organization in the United States, specifically a provider of eye care services in the Holland, Michigan area. The actor asserted that they had accessed patient records containing Social Security numbers and other personal information. After the alleged intrusion, the actor notified the affected individuals about the exposure of their data and offered them credit‑monitoring services. In addition to contacting the victims, the actor reached out to local law‑enforcement agencies, the mayor’s office of Holland, and the U.S. Department of Health and Human Services to report the breach. The source does not explicitly state the actor’s strategic objectives, such as financial gain, espionage, or disruption, so no motive can be inferred from the provided information.

Regarding tactics, techniques, and procedures, the article does not detail any specific malware families, exploit kits, phishing methods, or other tools used by the actor to gain initial access or maintain persistence within the victim’s network. No description of command‑and‑control infrastructure, lateral‑movement techniques, or data‑exfiltration methods is provided, so no concrete TTPs can be attributed to the actor based on the source. The absence of such technical details means that any discussion of malware or intrusion vectors would be speculative and therefore omitted.

The only publicly reported operation linked to this actor is the June 2016 intrusion into the Holland Eye medical practice, which resulted in the alleged exposure of patient data and the subsequent notifications to victims, local authorities, and federal health regulators. No other campaigns or attribution to broader threat‑activity clusters are mentioned in the source material, and thus this incident stands as the sole documented activity associated with the unidentified actor. Consequently, the profile remains limited to the facts presented: an unidentified perpetrator targeting a U.S. healthcare provider, notifying affected individuals and officials, and offering credit‑monitoring services, with no disclosed malware, tools, or affiliations described in the available reporting.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source