Cyber Incident Victim: K.L.S. Capital Ltd
Date: Mar 2021
Location: Israel
Summary
The hacker group Black Shadow conducted a cyberattack against K.L.S. Capital Ltd, an Israeli car financing company. The group announced that it had compromised the company's servers and leaked dozens of personal documents belonging to customers. This incident followed Black Shadow's previous breach of Shirbit insurance, where thousands of customer records were exfiltrated and disclosed. The attackers used Telegram to publicize their intrusion and the subsequent data leak.
Description
On March 13, 2021, the hacker group Black Shadow announced via a Telegram post that they had successfully breached the servers of K.L.S. Capital Ltd, an Israeli car financing company. The group declared, "We are here to inform you a (sic) cyber attack against K.L.S CAPITAL LTD which is in Israel," mirroring their prior operational communication style from the Shirbit insurance breach three months earlier. This marked Black Shadow's second publicly claimed attack on an Israeli financial services entity within a four-month period. The announcement did not specify the initial intrusion vector or the duration of unauthorized access prior to the public disclosure.

The attackers exfiltrated and leaked dozens of personal documents containing customer information, though the precise volume and data categories beyond "personal documents" remained unspecified in available reporting. No ransom demands or extortion timelines were explicitly referenced in the group's initial statement. The incident drew media attention through coverage by the Jerusalem Post and subsequent republication by DataBreaches.net, highlighting continued targeting of Israeli financial sector entities by this threat actor. Public reporting did not document immediate containment measures, forensic findings, or victim notifications by K.L.S. Capital Ltd following the disclosure. The breach occurred against a backdrop of heightened regional cybersecurity scrutiny following Black Shadow's December 2020 attack on Shirbit, which had compromised thousands of customer records.
