Finjan, a data security services firm, reported today that more than 500 megabytes of stolen medical and business data and Social Security Numbers (SSNs) have been found on “crimeservers” in Malaysia and Argentina. The data were stolen from systems for a major airline and a health care provider using widely available hacker toolkits, trojans, and command and control servers.

According to Finjan’s May 2008 Malicious Page of the Month (free registration required), the vulnerable health data was accessible via compromised login information for healthcare systems using Citrix remote access software. Social Security Numbers (TINs – “tax ID numbers” for individuals) were accessible via a compromised IRS employee login.

In early May, Finjan reported on a different server being controlled by hackers that contained a 1.4GB cache of stolen data. Compromised data involved 571 log files from the US, 621 from Germany (DE), 322 from France (FR), 308 from India (IN), 232 from Great Britain (GB), 150 from Spain (ES), 86 from Canada (CA), 58 from Italy (IT), 46 from the Netherlands (NL), and 1,037 from Turkey (TR) and resulted in the company notifying 40 major international financial institutions and law enforcement agencies located in the US, Europe and India.