DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

CLOP adds more firms to their leak site — but are they all Accellion clients? (UPDATED)

Posted on February 23, 2021February 24, 2021 by Dissent

The threat actors known as “CLOP” have added three more firms to their leak site:  Bombardier, Pentair, and CSA Group.

All three firms have revenues that make them lucrative targets for “big game hunting.”  But were all of these firms clients of Accellion, as were Jones Day and some other firms listed on CLOP’s leak site?

Bombardier has not replied to an inquiry sent to it this morning asking if their breach was related to the Accellion attack, but LeMagIT reports that it is likely to be related. Like DataBreaches.net, they have received no reply to a similar inquiry they sent the firm, but referring to other companies who have been linked to the Accellion breach, they write:

these five companies have historically published web portals where customers or third parties could send and receive large files using the appliance Accellion file transfer. And this also applies to Bombardier, according to data from specialist search engine Shodan, at least until the end of January.

This post will be updated if a reply from Bombardier is received. DataBreaches.net has also sent an inquiry to Pentair of a similar nature.

Update: Bombardier issued the following statement that appears to confirm that this was related to the Accellion breach:


Bombardier Statement on Cybersecurity Breach

Bombardier (TSX: BBD.B) announced today that it recently suffered a limited cybersecurity breach. An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.

In accordance with established cybersecurity procedures and policies, Bombardier promptly initiated its response protocol upon detection of the data security incident. As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident. Bombardier also notified appropriate authorities, including law enforcement, where required and will continue to work with the authorities as the investigation continues.

Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised. The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.

With the ever-increasing number and sophistication of cybersecurity attacks on corporate groups, Bombardier remains committed to maintaining the integrity of its IT infrastructure and safeguarding employee, client and supplier information.

About Bombardier

Bombardier is a global leader in aviation, creating innovative and game-changing planes. Our products and services provide world-class experiences that set new standards in passenger comfort, energy efficiency, reliability and safety.

Headquartered in Montréal, Canada, Bombardier is present in more than 12 countries including its production/engineering sites and its customer support network. The Corporation supports a worldwide fleet of approximately 4,900 aircraft in service with a wide variety of multinational corporations, charter and fractional ownership providers, governments and private individuals.

News and information is available at bombardier.com or follow us on Twitter @Bombardier.


Update 2:  Pentair sent the following statement to DataBreaches.net:

Thank you for reaching out to us; we appreciate your inquiry as Pentair takes cybersecurity seriously. Pentair has not used Accellion since the Fall of 2020. Additionally, Pentair was not on the FTA platform at that time. Pentair remains committed to safeguarding employee, supplier, and customer information.

Luckily for them, they were not using the service by mid-December. But then how did they wind up on CLOP’s leak site?  DataBreaches.net is following up on that.

Pentair responded to this site’s follow-up inquiry asking whether they could confirm that they had had a breach:

Thank you for your inquiry. We are conducting a thorough investigation of this matter. Pentair takes cybersecurity seriously, and is committed to safeguarding employee, supplier and customer information

Related Posts:

  • Mandiant issues final report on its investigation…
  • Trillium Community Health Plan members impacted by…
  • University of Maryland, Baltimore responds to…
  • The Accellion breach also impacted Qualys; threat…
  • Ca: Durham Region hit by cyberattack

Post navigation

← Finnish IT Giant Hit with Ransomware Cyberattack
AO: Ministry of Finance suffers cyber attack →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Founder and Majority Owner of Cryptocurrency Exchange Pleads Guilty to Unlicensed Money Transmitting
  • Hackers hit Erris water in stance over Israel
  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net