Hackers Snatch and Try Unsuccessfully to Ransom Data from IT Service Provider; CityComp’s Big Clients Impacted
Joseph Cox reports:
Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material.
Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday.
Read more on Motherboard.
CityComp’s statement on the incident can be found here. It’s a strong statement worth reading.
An onion site with the data dump remains available as of the time of this posting. Some of the data dumped by the hackers, who appear to be linked to a ransomware team that uses the same protonmail email address, appears to be routine business files such as spreadsheets with client employees’ names, functions, phone numbers, mobile numbers, and email addresses. Other files contain other types of information. DataBreaches.net is still reviewing the files, but Charlie Osborne of ZDNet reported earlier that:
customer email addresses and telephone numbers, meetings reports, asset lists — such as servers and other equipment connected to a customer account — as well as some payroll records, project sheets, and accountancy statements were all available.
While DataBreaches.net has not confirmed the authenticity of any of the data, CityComp’s statement does not suggest that there is any question about the authenticity of the data, and they notified all their clients.
There will undoubtedly be a number of updates to this story. I’d love to know why the hackers just dumped so much data instead of trying to sell it off, so I’ve emailed them to ask them, and if I get an explanation, I’ll update this.