Cyber Incident Victim: CITY4U
Date: Sep 2021
Location: Israel
Summary
A threat actor using the alias 'Sangkancil' claimed to have exfiltrated personal data of approximately 7 million individuals from CITY4U, offering the stolen records for sale. The compromised information reportedly included identity cards, driver's licenses, tax bills, and real estate documents, with the attacker publishing samples as proof while referencing the Rosh Hashanah holiday. Israel's National Cyber Directorate initiated an investigation into the alleged breach, with preliminary assessments suggesting the leaked data might consist of older records. The adversary additionally asserted unauthorized access to multiple municipal systems alongside the primary breach.
Description
On or around September 7, 2021, a threat actor using the alias ‘Sangkancil’ publicly claimed to have stolen the personal information of approximately 7 million Israeli citizens from the CITY4U website. The actor advertised the stolen data for sale on a hacker forum, though no specific price was disclosed for the complete archive. As proof of the breach, Sangkancil published images of compromised documents, including Israeli identity cards, driver’s licenses, and tax bills. The forum post detailed the scope of the data, asserting it contained real estate documents and identity information for 90% of Israeli citizens. Sangkancil framed the leak as a “first surprise for the Jewish new year,” referencing the Rosh Hashanah holiday occurring that week. The actor additionally claimed to have infiltrated multiple municipalities, though no corroborating evidence was provided for these broader assertions.

Israel’s National Cyber Directorate initiated an investigation into the alleged breach following Sangkancil’s disclosure. Preliminary findings indicated the leaked documents consisted of older data, though the validity of this assessment was not elaborated. No operational details regarding CITY4U’s systems, the intrusion methodology, or data exfiltration timeline were disclosed by authorities or the threat actor. The incident exposed sensitive citizen information to potential illicit sale, though no confirmed instances of misuse or secondary exploitation were reported in the immediate aftermath. The investigation remained ongoing at the time of reporting, with no public statements from CITY4U regarding the breach’s validity or their response measures.
