NY: Arnoff Moving & Storage data breach revealed customer information: What we know
Saba Ali reports:
Arnoff Moving & Storage customers may have had their data stolen by hackers as part of a breach, the company said.
The company could not say how many customers may have been impacted, how long ago the data may be from, or if the breach was limited to its regional Mid Hudson Valley branches. While the Poughkeepsie-based company serves Dutchess, Orange, Ulster and Putnam counties, it also has offices in the Capital region, western Connecticut and Massachusetts, and Florida, according to its site.
Read more on Poughkeepsie Journal. This incident appears to be claimed by REvil (Sodinokibi) threat actors, as they announced on their dedicated leak site with their usual antagonistic approach:
Our guys hacked ARNOFF Moving & Storage. They downloaded all sensitive info from the corporate network.
We contacted with vice president of this company and asked will they wanna to get data back or no? Vice president said what we can fuck off and they don’t worry about data leak.They don’t worry about customers personal data. So if you a client of this company – we warn you what now all your private data is UNSAFE, including you billing and shipping address and credit cards info.
Here is some proofs: (all data will be sold next week in different cc shop’s, we was surprised what ARNOFF don’t know anything about PCI DSS).
As proof of claim, they uploaded some images of credit card authorizations, and claim to have more.
It’s not yet clear from the report whether this incident involved any ransomware or encryption of the firm’s files or if this was just a noisy hack and exfiltration of data with a ransom demand to delete data. REvil is certainly capable of using ransomware and has in the past, but did that happen here?