FRESH BREACH: Refocus AI, Unique Computing, Gennet.ai -- Insurance Policyholder Data

  • Thread starter DBHunter
Unique Computing LLC / Gennet.AI / ReFocus AI -- One AWS account. Three companies. Zero boundaries.

Unique Computing LLC is an 11-person AI consulting firm headquartered at 5680 King Centre Dr, Suite 600, Alexandria, Virginia. Its CEO, Nisar Hundewale, Ph.D., simultaneously operates (or has until recently operated) two product lines under different brand names:
  • Gennet.AI — a healthcare clinical documentation platform claiming 50+ clinic integrations and "1,000,000+ hours saved." Hundewale is CEO.
  • ReFocus AI — an insurance churn prediction platform serving 11+ named insurance agency clients. Hundewale is Co-Founder/CDO (or was, until he quietly distanced himself — more on that below).
Both products, along with a nonprofit educational platform (Duaa.org), personal developer projects, biotech cell imaging research, and voice cloning experiments, share a single AWS account: 086134439114. No account separation. No environment isolation. One set of credentials to rule them all.

We gained access via CVE-2025-55182 (React2Shell) on an unpatched internet-facing host. The ECS credentials extracted from it gave us access to 57 S3 buckets and the AWS Secrets Manager. We exfiltrated the lot.

Download the complete data (140gb compressed) here:


What We Found

57 buckets. 23,000+ policyholders. $797 million in insured premiums. A single AWS account.

Insurance Policyholder Data -- The Data You Are Not Supposed to Let Walk Out the Door

ReFocus AI's business model tells insurance companies, "give us your policyholders' data and we'll predict who's going to cancel." Unfortunately for those companies, they did exactly that, expecting it would be kept safe.

Patriotic Insurance (New York)

Complete HawkSoft agency management system export: 9,977,842 rows across 1,774 CSV files representing 1,249 unique policyholders with:
  • Full names, dates of birth, home addresses
  • Driver licence numbers (New York State 9-digit format)
  • Phone numbers, email addresses
  • Vehicle Identification Numbers (1,305 unique VINs)
  • Complete policy histories, claims data, billing records
  • Employer names, income brackets, occupations

Peter Alphonso, 935 E 34th St, Brooklyn, NY 11210, DL# 457463207. His wife Una, same address, DL# 330910141. The Greene family of Stone Ridge — Barry, Mary, Nathan, Sarah, and Whitney — all at 3890 Atwood Rd, DL numbers for each. We can go on. There are 1,249 of them.

Alliance Insurance Services (Winston-Salem, NC)

Complete Salesforce policy management export: 96,624 rows containing 21,761 unique named insureds, 12,739 phone numbers, 29,186 addresses, 43,928 policy numbers, and $191,144,873.09 in total insured premium value across 27 states. 727 FEIN/SSN values, 26 of which match individual Social Security Number format.

Elizabeth Wicker, (336) 462-6067, 2748 Bethel Ct, Winston Salem, NC 27127. Jerrie Bradshaw, (336) 946-1222, 130 Shallowford Reserve Dr, Lewisville, NC 27023. Twenty-one thousand, seven hundred and sixty-one more where those came from.

Alliance's book of business includes personal auto, homeowners, commercial packages, workers' compensation, 7,231 individual medical policies, and 1,431 Medicare Advantage plans. The complete client list of a full-service independent insurance agency, spanning from Mount Airy Country Club (FEIN 56-0331740) to Children's Center of Surry, Inc (FEIN 56-1876389).

Ohio Mutual Insurance Group

596,155 policy records covering 579 insurance agents across 7 states with $605,702,493 in aggregate premiums. This is not an agency — this is a regional insurance carrier's complete auto insurance portfolio. The data includes the entire agent distribution network: DealerPolicy Insurance Agency, NFP Property & Casualty Services, James L. Sanor Insurance Agency, Allenbaugh Insurance Agency, and 575 others.

Combined insurance premium data: $796,847,366.

The AI Platform

Gennet.AI claims 50+ clinic integrations. What we found was a ChromaDB vector database containing a single synthetic patient record (generated by Synthea — the naming convention "Cira533 Koch169" is unmistakable) and 28 backup copies of a users.json file with one account: username "test", password a UUID. The h2oGPT-based LLM infrastructure is real enough, but the "50+ clinic integrations" claim is, shall we say, aspirational. It's clearly in its early stages.

The Databricks workspace contains biotech cell imaging data (holographic microscopy via Ovizio systems), CycleGAN voice cloning models, and the insurance churn prediction pipeline — all in the same workspace. Healthcare AI, insurance analytics, pharmaceutical research, voice cloning, and a digital learning curriculum platform, all sharing one AWS account with one set of credentials.

Personal Gmail as Infrastructure (PGAC?)

The S3 bucket storing all 9 insurance client churn models is named abubakaryagob-gmail-com. The developer workspace bucket is hi-blacksuan19-dev, matching the GitHub handle of Abubakar Omer Yagoub (@Blacksuan19), Senior Data Scientist at Unique Computing LLC since May 2022. His personal Gmail appears in filenames across 650+ data files spanning August 2022 through December 2024.

The duaa.org educational nonprofit buckets on the same AWS account are explained by Yagoub's attendance at International Islamic University Malaysia (IIUM). Personal projects, professional work, client data, and nonprofit educational content — all in one account, all behind one set of credentials.

Where Responsibility Lies

This is where it gets interesting. It took us a bit to sort through this to reach the truth.

Nisar Hundewale runs Unique Computing LLC. He is simultaneously CEO of Gennet.AI and was Co-Founder/CDO of ReFocus AI. Same phone number (213-786-4783) across all entities. Same AWS account. Same personnel.

ReFocus AI has a separate CEO — Colby Royal Tunick — and separate funding (Avondale). They pitched at TechCrunch Disrupt 2024. They appear to have believed they were working with a legitimate technology partner, not sharing an AWS account with a developer's personal Gmail bucket and a voice cloning side project.

When we contacted the relevant parties, Hundewale's response was silence. Unique Computing LLC — the parent entity, his company — went dark. ReFocus AI, to their credit, engaged with us honestly. They told us they could not pay because they were unable to confirm whether their data had been accessed by other parties because Unique Computing was not sharing infrastructure logs with them. They were, in essence, left holding the bag by their own technical partner and former CDO of their company.

We respect that ReFocus was straightforward with us. They did not stick their heads in the sand and ghost. They did not file a meaningless injunction. They told us their position clearly, and we told them we would try to be fair when we made this post.

But let us be clear about where responsibility lies. Unique Computing LLC is not a "contractor." It is, in essence, the parent entity. The AWS account belongs to Unique Computing. The unpatched React servers belong to Unique Computing. The decision to store 11 insurance agencies' complete policyholder databases in S3 buckets named after a developer's personal email address — that was Unique Computing's architecture, if you can even use the term for something so sloppy. The failure to patch CVE-2025-55182 for months after a patch was available — that was Unique Computing's negligence.

Leaving the server unpatched for days after they learned about the breach and ongoing vulnerability -- that is Unique Computing's uniquely incompetent incident response.

The Data

We are releasing the complete contents of all 57 S3 buckets from AWS account 086134439114. The full dump is structured as follows:

Insurance Policyholder Data ($796,847,366 in aggregate premiums):
  • hawksoft-patriotic — Complete HawkSoft agency management system export for Patriotic Insurance (New York): 1,774 CSV files, 9,977,842 rows, 1,249 unique policyholders with full names, dates of birth, driver licence numbers, home addresses, phone numbers, 864 email addresses, 1,305 Vehicle Identification Numbers, complete policy histories, claims records, and billing data
  • refocus-ai/alliance — Complete Salesforce policy management export for Alliance Insurance Services (Winston-Salem, NC): 96,624 rows, 21,761 unique named insureds, 12,739 phone numbers, 29,186 addresses, 43,928 policy numbers, 727 FEIN/SSN values (26 matching individual SSN format), $191,144,873 in total insured premium across 27 states — including 7,231 individual medical policies and 1,431 Medicare Advantage plans
  • lambda-input-0/Refocus_auto_082421.csv — Complete auto insurance portfolio from Ohio Mutual Insurance Group: 596,155 rows, 579 insurance agents across 7 states, $605,702,493 in aggregate premiums

ReFocus AI Proprietary ML Pipeline (complete IP):
  • abubakaryagob-gmail-com/ — All 11 client churn prediction models (Alliance, Capstone, Capstone_Subbind, Firstmark, Jonas, Jones, OMIG, Patriotic, Subbind, TPG, Western): trained scikit-learn model artifacts (.pkl), client configuration YAMLs, EDA reports (5–6 MB HTML each), preprocessed data, raw predictions, 330+ timestamped run configurations
  • churn-pretrained-models/ — Production model artifacts
  • churn-processors/ — Feature engineering and data processing pipelines
  • lambda-input-0/ — 713 data intake files spanning November 2021 through December 2024, with filenames revealing which developer uploaded which client's data and when

Gennet.AI Clinical Platform:
  • apps.gennet.ai-us-east-1 — Production application: ChromaDB vector database (86 embeddings of FHIR patient data — synthetic, Synthea-generated), h2oGPT LLM infrastructure, user authentication (single "test" account, password: 37cebc88-386f-4f71-afb1-c7fe198f3bcf)
  • gen-ai-models — LLM configurations (GPT-4o, Meta Llama 2, Amazon Titan), clinical question classification datasets, expert QA evaluation data
  • gennetbucket — Website assets and team photos
  • h2ogpt — 988 MB h2oGPT model archive

Databricks, Biotech, and Voice Cloning:
  • db-f33843ce59d6add2dee4e8aa26b84083-s3-root-bucket — Databricks workspace: cell imaging fingerprint analysis (Ovizio holographic microscopy, batches MK1026/MK3011), ML model artifacts, 6 analysis runs attributed to Nisar Hundewale and Sampada Koranne
  • voicecloningmask — MaskCycleGAN-VC voice conversion models, trained female and male speaker pairs (June 2023)

AWS Infrastructure and Internal Communications:
  • vantage-cur-* — 7 months of AWS billing and cost usage reports (August 2025–March 2026, Invoice ID 2495669109)
  • sagemaker-studio-086134439114-* (×10) — SageMaker ML workspaces, 4 MLOps projects
  • mail-files-east/, mail-files-i/, email-attchs/ — WorkMail archive: 15 email messages with attachments linking Hundewale and Yagoub to both Gennet.AI and ReFocus AI data on the same day (February 10, 2022)
  • elasticbeanstalk-us-east-2-086134439114/ — Application deployments
  • my-salesforce-s3/, mule-sftp-s3/ — Salesforce CRM (demo data only — the CRM was never actually used) and MuleSoft SFTP integration

Personal Developer Buckets:
  • hi-blacksuan19-dev — Abubakar Yagoub's personal dev workspace
  • my-sm-dev-upload-bucket-fatima/ — Personal SageMaker bucket (developer "Fatima")
  • my-price-prediction — Personal ML project
  • aave-transformer-tensors — DeFi/blockchain transformer experiment

Duaa.org — and Why We Are Including It:
  • duaa.org — educational videos and curriculum (5 lesson videos totalling 2.8 GB), website images, audio
  • duaa-curriculum — AI-generated lesson plans, slide presentations, and teacher narration audio (Coqui XTTS-v2 text-to-speech model, ~2 GB)
  • duaa-public-curriculum — Published curriculum with rendered slides and metadata

We verified that the Duaa.org data contains no children's PII — no student names, no enrollment records, no photographs of real children. It is curriculum content: lesson plans, cartoon mascots, AI-generated narration. We are including it for one reason only: to demonstrate the sheer recklessness of Unique Computing's infrastructure decisions. A children's education platform — generating Pre-K lesson plans for schoolchildren — was hosted on the same AWS account, behind the same credentials, as 23,000 American insurance policyholders' driver licence numbers, Social Security Numbers, and home addresses. One compromised key and a threat actor has access to everything from a four-year-old's maths curriculum to a New Yorker's driver licence.

This is negligence so total it borders on performance art.

We are not redacting the insurance data. Unlike medical records, insurance policyholder data — while sensitive and enabling of identity theft — is not the kind of immutable, deeply personal information that drives people to despair. We take no pleasure in exposing individuals' driver licence numbers and home addresses, but the scale of negligence here warrants a complete accounting.

If you are a policyholder of Patriotic Insurance or Alliance Insurance Services and you would like your records removed from the dataset, contact us at threatspians@fulcrumsec.net or support@data-removal.com. We will honour all deletion requests at no charge. We are aware that cybersecurity experts would advise against contacting threat actors to request deletion, as doing so could open the victim up to other attacks. Most of the time this is good advice. However, we at FulcrumSec have a policy of never targeting individuals, period, and doing so would be completely contrary to our ethos.

Furthermore, if you are a Patriotic Insurance policyholder whose driver's licence number was exposed, we will compensate you with the full cost of replacing your driver's licence. As of late March, 2026, this is $67.50 in New York State -- we will send $70 via Monero if you provide us with your wallet address.

To be eligible for compensation, you will need to contact us with the email associated with your insurance policy (this would be where you receive emails about insurance matters), which we will verify against the email address for your policy in the data.

You can set up a Monero wallet easily using Cake Wallet, Atomic Wallet, or many other options. If we end up getting spammed by false requests, we may have to shut this program down. So please, have some decency and don't ruin it for everyone. DNA users, that means you -- don't do it!

We realise this offer may seem contradictory. Why release the data if we're just going to end up compensating victims for the harm that the release could cause? Simple: We want Unique Computing to be pummelled into oblivion by class action lawsuits, but we want to minimise impact on the blameless individuals their negligence endangered.

We thread the needle as best we can.

To Unique Computing and Nisar Hundewale

This is the first time we are calling out an individual in a leak post, but you, Mr. Hundewale, deserve all the scorn that can be heaped upon you. You left ReFocus AI — a company you co-founded — to deal with the consequences of this breach, while you stuck your head in the sand. You would not even let your IT share your AWS logs with them. You left the React hosts vulnerable after we had warned you they were still appearing as vulnerable in our scans. Even after ReFocus begged you to remediate, it took you weeks to do so. This is criminal negligence and deliberate obfuscation. You actively obstructed your former company's response to the breach. We were out here sharing our logs with ReFocus while you refused their requests to see those for the AWS account in which you were, according to them, storing their data unauthorised. You made it impossible for them to determine that we were the only attackers who had exfiltrated the data.

At every single level, this is entirely your fault, and we hope the cascade of incoming lawsuits brings that fact home to you.

Your developer's personal Gmail address is the name of the S3 bucket holding nearly $800 million worth of insurance portfolio data. Your healthcare AI platform shares an AWS account with voice cloning experiments and a children's education nonprofit. Any company would have to be insane to let you anywhere near their data.

You abandoned your former employees and partners at ReFocus AI. You betrayed the insurance agencies whose data you were illegally storing in your account. And worst of all, you threw the 23,000+ policyholders whose data you were supposed to protect under the bus. They did not have the option of walking away.

To ReFocus AI

You were dealt a bad hand by your technical partner. We said we would try to be fair, and we have. The fault here lies with the infrastructure decisions made by Unique Computing, not with your business operations. We hope you find a more responsible technology partner going forward, and we wish you the best in your lawsuit against Unique Computing, which you should win handily.

To Patriotic Insurance, Alliance Insurance Services, Ohio Mutual Insurance Group, and the other 8 agencies

Your data was entrusted to ReFocus AI for churn prediction analytics. ReFocus AI's infrastructure was managed by Unique Computing LLC. Unique Computing stored your complete policyholder databases — driver licences, Social Security Numbers, home addresses, policy details, claims histories — in unencrypted S3 buckets on an AWS account that also hosted personal developer projects and a digital learning platform, behind credentials extractable from an unpatched internet-facing server.

You should be asking some very pointed questions about your vendor due diligence processes.
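
Added example for defenders, not part of the original post: the post attributes the scope of the exposure to one set of ECS task credentials reaching every bucket and Secrets Manager in a shared account. The sketch below measures that reach for a task-role policy against a bucket inventory. The bucket names, owner labels, both policies and the account ID are constructed for illustration, and the matcher is a simplification of IAM evaluation.

```python
import fnmatch
# Constructed inventory (bucket -> owning business line); names are illustrative.
BUCKET_OWNERS = {
    "insurance-client-exports": "insurance-analytics",
    "insurance-churn-models": "insurance-analytics",
    "clinical-app-prod": "healthcare",
    "dev-scratch-personal": "personal",
    "nonprofit-curriculum": "nonprofit",
}
# Constructed ECS task-role policies: one account-wide, one scoped to a single app.
BROAD_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "secretsmanager:GetSecretValue"],
     "Resource": "*"}]}
SCOPED_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::clinical-app-prod/*"},
    {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
     "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:clinical-app/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(stmt, action):
    """True if an Allow statement's Action patterns cover `action` (case-insensitive)."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatch.fnmatchcase(action.lower(), p.lower())
        for p in _as_list(stmt.get("Action", [])))

def reachable_buckets(policy, action="s3:GetObject"):
    """Inventory buckets the role may read; ignores Deny, Not* and Condition blocks."""
    hits = set()
    for stmt in _as_list(policy["Statement"]):
        if not _allows(stmt, action):
            continue
        for pattern in _as_list(stmt.get("Resource", [])):
            hits |= {b for b in BUCKET_OWNERS
                     if fnmatch.fnmatchcase(f"arn:aws:s3:::{b}/sample-key", pattern)}
    return hits

def audit(policy):
    """Return findings describing how far one leaked credential set reaches."""
    findings = []
    owners = sorted({BUCKET_OWNERS[b] for b in reachable_buckets(policy)})
    if len(owners) > 1:
        findings.append("role reads buckets of multiple owners: " + ", ".join(owners))
    if any(_allows(s, "secretsmanager:GetSecretValue")
           and "*" in _as_list(s.get("Resource", []))
           for s in _as_list(policy["Statement"])):
        findings.append("role can read every secret in the account")
    return findings

if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, sorted(reachable_buckets(pol)), audit(pol))
```

A role that passes this check still shares an account boundary with everything else in it; separate accounts per business line remove the cross-owner finding at the source.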
 