Data stolen from US network infrastructure powerhouse CommScope has been leaked on the dark web following an alleged ransomware attack.
Ransomware operators known as Vice Society published a “treasure trove” of personally identifiable data on CommScope’s customers and employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, bank account information, as well as scans of employee passports and visa documentation.
To obtain this data, the threat actors needed “deep access” to the company’s network, which they seem to have got by accessing both the MyCommScope customer portal and the company’s intranet.
Missing crucial details
Other important details, such as how the hackers got into the network, whether any malware was used, how long they were there, how many people are affected, or how large a ransom is being demanded, are not known. CommScope’s spokesperson gave the usual statement prepared in advance, but declined to comment further.
On March 27, the company discovered “unauthorized access to a portion of our IT infrastructure that we determined was the result of a ransomware incident,” said CommScope spokesperson Cheryl Przychodni.
“Upon discovery, we immediately launched a forensic investigation with the assistance of a leading cybersecurity firm and reported the matter to law enforcement,” Przychodni added. “We are working with our third-party experts to validate those claims and to understand the nature of the information at issue as a top priority,” she said. “We are undergoing a thorough review of any impacted data with all possible speed.”
The spokesperson also said that the initial investigation did not find any evidence of customer information theft, but did not say if the company has the ability to determine what data was taken from its systems.
CommScope counts more than 30,000 employees, and while it’s highly unlikely that all of them are affected by this incident, until the company comes forward with a more concrete number, it’s impossible to determine the true scope of the breach.
Via: TechCrunch