BreachExchange mailing list archives
Canadian MSP discloses data breach, failed ransomware attack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 3 Aug 2020 09:35:42 -0500
https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/ Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted in sensitive information being accessed by the hackers. The incident occurred last month and hit impacted data held by the parent company and its subsidiaries and/or former and current affiliates. No encrypted systems Threat actors were not able to complete the attack and encrypt files on the company systems but they spent enough time on the network to access sensitive information and also steal some of it. Pivot’s quick response to the June 12 incident made it possible to continue operations, said Kevin Shank, President and CEO of the company, earlier this month. An investigation of the incident conducted by a cyber forensic firm revealed on July 1 that the intruders had access to and exfiltrated “limited personal information of US employees and consultants.” Specifically, inspection revealed on July 7 that the attackers compromised names, addresses, dates of birth, gender, disability status, and type of insurance coverage. They also pulled payroll data (details about deductions, 401k forms, income, and benefits), banking details (routing and account numbers), social security numbers and related information. In a notification letter for affected parties recorded by the California Office of the Attorney General, the company informs that the hackers accessed data stored by the following subsidiaries and past and present affiliates: - Pivot Technology Services Corporation (New Prosys) - TeraMach Technologies - Pivot Acquisition Corp. - ACS (US), Inc. - Applied Computer Solutions, Inc. - Austin Ribbon & Computer Supplies, Inc. - ProSys Information Systems, Inc. - Smart-Edge.com, Inc. - Pivot Shared Services, Ltd. Following this incident, all companies have improved their security protocols for defending their networks, email systems, workstations, and personal information. Pivot advises affected parties to take additional steps to protect against identity theft and offers free monitoring solutions to track ill-doings stemming from this attack. Pivot Technology Solutions provides managed IT services to governments, educational institutions, and various organizations in the private sector, some of them being members of Fortune 1,000. MSPs are valuable target to ransomware actors, who can use access to its networks to pivot to customer systems. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Canadian MSP discloses data breach, failed ransomware attack Destry Winant (Aug 03)