Cyber Threat Actor: Fenice
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
1 incident |
|---|
Profile
Fenice is the alias used to refer to the threat actor responsible for the December 2023 breach of a Florida‑based consumer data broker. The actor came to public attention after the compromise of the broker’s networks resulted in the exfiltration of billions of records containing personally identifiable information such as Social Security numbers, names, addresses, phone numbers, and email addresses. The stolen dataset included approximately 272 million unique Social Security numbers and 137 million email addresses, predominantly belonging to older individuals, and was subsequently offered for sale and released on underground cybercriminal forums. This incident marks the only publicly documented activity attributed to Fenice within the available sources.
The targeting observed in the Fenice operation focused on the data‑brokerage sector, specifically a company headquartered in Florida, United States. The actor’s strategic objective appears to be financial gain, as evidenced by the explicit sale of the harvested data on illicit markets and its later public distribution. No indications of espionage, disruption, or state sponsorship are present in the reported details, and the actor’s motivations are inferred solely from the monetization of the stolen information. The breach prompted the affected organization to acknowledge third‑party involvement, cooperate with law enforcement, implement additional security controls, and face a class‑action lawsuit highlighting the extensive risks of identity theft and fraud for the impacted individuals.
In the reported campaign, Fenice gained initial access to the broker’s systems, though the specific vectors or malware families employed are not disclosed in the public reporting. Once inside, the actor conducted a large‑scale data exfiltration operation that accumulated records spanning multiple decades. The subsequent sale of this data on underground forums facilitated further criminal exploitation, underscoring the financial dimension of the attack. The aftermath included widespread notification efforts, regulatory scrutiny, and legal actions, illustrating the significant harm that can result from the aggregation and illicit trade of massive personal data repositories. No additional campaigns or affiliations have been publicly linked to Fenice beyond this incident.
