Career Group, Inc. notifies more than 49,000 after paying ransom to threat actors
I haven’t seen any mention of this in news or on their web site, but Career Group Inc. suffered a ransomware attack recently and is notifying those impacted. In a copy of the notification submitted to the Maine Attorney General’s Office, they report that on July 2, Career Group Companies detected potential unauthorized access to its network. Investigation confirmed unauthorized access and some data exfiltration between June 28, 2021 and July 7, 2021.
It would seem that that they paid the unidentified threat actors an undisclosed amount, because their notification states:
We received assurances from the unauthorized party that the data removed from our environment was permanently deleted and not further disseminated.
The letter was redacted so it’s not clear what types of information was accessed and/or acquired, but the notification to the state by their external counsel, McDonald Hopkins, PLC, indicated that Social Security Numbers were involved and that 49,476 people were impacted or notified.