Security firm notifies 36,762 after malware attack
Since 2019, Security Industry Specialists seems to have kept a subdued profile on the Internet. Their web site, Twitter, and Facebook accounts have not been updated since 2019, and you might get the impression that their web site had been abandoned. But checking on LinkedIn, the firm is actively hiring, and they have almost 2,000 employees.
SIS has disclosed a data breach that they discovered on June 1, 2020, when some of their systems and devices became inaccessible and encrypted. SIS immediately retained an independent forensics firm to investigate, and on June 26, they learned that an unauthorized actor had gained access to a number of folders and files on its network. A data mining firm was then hired to determine the scope of the impacted individuals and information contained in the files that were accessed.
On January 19, 2021, SIS learned that personal information was contained in some of the impacted files. The type of information included the individual’s name or other personal identifier in combination with financial account number or credit/debit card number (in combination with security code, access code, password or PIN for the account).
In notifications sent out this week, SIS noted that they had no indication of any misuse of the data, but were notifying people “out of an abundance of caution.” [That is a claim that I wish was outlawed, especially when state law actually requires notification.]
Notifications were sent to 36,762 people. SIS offered those affected 12 months of identity monitoring services with Kroll.
DataBreaches.net sent an inquiry yesterday seeking additional details about the breach and ransomware, but has received no reply by publication time. This post will be updated if a reply is received.