Honda’s Data Breach Reveals Vulnerabilities in API – Customer Information, Dealer Panels, and Internal Documents at Risk

Honda customers’ personal information, including login credentials, was exposed due to API vulnerabilities. The flaws were discovered by a security researcher who notified Honda. The company has since fixed the issues. The exposed data included customer names, email addresses, phone numbers, and car details. Honda has not found any evidence of data misuse but is still investigating.

Honda’s E-commerce Platform Vulnerable to Unauthorized Access Due to API Flaws

IT Services has discovered that Honda’s e-commerce platform for power equipment, marine, and lawn & garden was vulnerable to unauthorized access by anyone due to API flaws that allowed password reset for any account. Honda is a Japanese manufacturer of automobiles, motorcycles, and power equipment. In this case, only the latter division is impacted, so owners of Honda cars or motorcycles aren’t affected.

IT Services found a security gap in Honda’s systems that allowed unrestricted admin-level data access on the firm’s network. This vulnerability was discovered by a security researcher using the pseudonym ‘Eaton Works’, who is the same individual that breached Toyota’s supplier portal a few months earlier by leveraging similar vulnerabilities.

Eaton Works exploited a password reset API that allowed the password of valuable accounts to be reset, thus providing unrestricted admin-level data access on the firm’s network. According to the researcher, “broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account.”

As a result of this vulnerability, the following information was exposed to the security researcher and possibly to threat actors leveraging the same vulnerability:

  • 21,393 customer orders across all dealers from August 2016 to March 2023 – this includes customer name, address, phone number, and items ordered.
  • 1,570 dealer websites (1,091 of those are active). It was possible to modify any of these sites.
  • 3,588 dealer users/accounts (includes first & last name, email address). It was possible to change the password of any of these users.
  • 1,090 dealer emails (includes first & last name).
  • 11,034 customer emails (includes first & last name).
  • Potentially: Stripe, PayPal, and Authorize.net private keys for dealers who provided them.
  • Internal financial reports.

The above data could be used to launch phishing campaigns or social engineering attacks, or be sold on hacker forums and dark web markets. With access to the dealer sites, attackers could also plant credit card skimmers or other malicious JavaScript snippets.

What Are the Potential Risks for UPS Customers After the Data Breach and SMS Phishing Scams?

The recent UPS data breach exposes sensitive information, posing potential risks for UPS customers. With their personal and financial data compromised, customers may experience identity theft, fraudulent transactions, or even financial losses. Furthermore, SMS phishing scams exploiting this breach can deceive customers into sharing more sensitive data, worsening the already dire consequences. Vigilance and caution are essential to mitigate these risks.

Accessing Admin Panels

Eaton Works discovered that the API flaw lay in Honda’s e-commerce platform, which assigns “powerdealer.honda.com” subdomains to registered resellers/dealers. The researcher found that the password reset API on one of Honda’s sites, Power Equipment Tech Express (PETE), processed reset requests without a token or the previous password, only requiring a valid email.

While this vulnerability isn’t present on the e-commerce subdomains’ login portal, credentials changed through the PETE site still work there, so anyone can access internal dealership data through this simple attack.

The only missing piece is having a valid email address belonging to a dealer, which the researcher procured from a YouTube video that demoed the dealer dashboard using a test account.
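A minimal model of the reset flaw described above next to a token-bound flow, as an added example in Python (not Honda's code or the researcher's). The `ResetService` class, its method names, the 15-minute lifetime and the in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed policy value, not from the article


class ResetService:
    """In-memory model; the dicts stand in for a user store and a mail system."""

    def __init__(self, users):
        self.passwords = dict(users)  # email -> stand-in for a password hash
        self.pending = {}             # email -> (sha256 of token, expiry time)
        self.outbox = []              # (email, token) delivered to the mailbox owner

    def reset_email_only(self, email, new_password):
        # Flawed pattern from the article: a valid email is the only requirement.
        if email not in self.passwords:
            return False
        self.passwords[email] = new_password
        return True

    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.passwords:
            token = secrets.token_urlsafe(32)  # unguessable, never shown to the requester
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[email] = (digest, now + TOKEN_TTL_SECONDS)
            self.outbox.append((email, token))
        return True  # identical reply for known and unknown addresses

    def confirm_reset(self, email, token, new_password, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(email)
        if entry is None:
            return False
        digest, expiry = entry
        if now > expiry:
            del self.pending[email]  # expired tokens are discarded
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[email]  # single use: a replayed token finds nothing
        self.passwords[email] = new_password
        return True
```

Only a hash of the token is stored, so a read of the pending-reset table does not yield usable tokens.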

The next step was accessing information from real dealers besides the test account. However, it would be preferable to do so without disrupting their operation and without having to reset the passwords of hundreds of accounts.

The solution the researcher found was to leverage a second vulnerability, which is the sequential assignment of user IDs in the platform and the lack of access protections. This made it possible to access the data panels of all Honda dealers arbitrarily by incrementing the user ID by one until there weren’t any other results. “Just by incrementing that ID, I could gain access to every dealer’s data. The underlying JavaScript code takes that ID and uses it in API calls to fetch data and display it on the page. Thankfully, this discovery rendered the need to reset any more passwords moot,” said Eaton Works.

It is worth noting that the above flaw could have been exploited by Honda’s registered dealers to access the panels of other dealers, and by extension, their orders, customer details, etc.

The final step of the attack was to access Honda’s admin panel, which is the central control point for the firm’s e-commerce platform. The researcher accessed it by modifying an HTTP response to make it appear like he was an admin, giving him unlimited access to the Honda Dealer Sites platform.
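The two access-control gaps above (sequential IDs served without an ownership check, and admin status decided by data the browser can alter) come down to authorization that must happen on the server; the following added Python example, which is not Honda's code, shows the unchecked and checked handlers plus a simple detector for ID walking. The `Session` type, the function names, the sample orders and the threshold are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data: dealer_id -> orders
ORDERS = {101: ["order-A"], 102: ["order-B"], 103: ["order-C"]}
AUDIT = []  # (user_id, requested_dealer_id, allowed) for every checked read


@dataclass(frozen=True)
class Session:
    user_id: int
    dealer_id: int
    role: str  # filled in by the server from the user record at login


class Forbidden(Exception):
    pass


def orders_unchecked(session, dealer_id):
    # Pattern from the article: any logged-in account, any dealer ID.
    return ORDERS.get(dealer_id, [])


def orders_checked(session, dealer_id):
    # Object-level check: the ID in the request must belong to the caller.
    allowed = session.role == "admin" or session.dealer_id == dealer_id
    AUDIT.append((session.user_id, dealer_id, allowed))
    if not allowed:
        raise Forbidden(f"user {session.user_id} may not read dealer {dealer_id}")
    return ORDERS.get(dealer_id, [])


def admin_panel(session, client_claims):
    # client_claims models anything the browser controls (an edited response,
    # a JSON flag); the decision uses only the server-side session.
    if session.role != "admin":
        raise Forbidden("admin role required")
    return sorted(ORDERS)


def enumeration_suspects(audit, threshold=2):
    # Flag users denied on several distinct dealer IDs, the trace ID walking leaves.
    denied = defaultdict(set)
    for user_id, dealer_id, allowed in audit:
        if not allowed:
            denied[user_id].add(dealer_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)
```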

The above was reported to Honda on March 16, 2023, and by April 3, 2023, the Japanese firm confirmed that all problems had been fixed.

IT Services recommends that all Honda dealers review their accounts and take appropriate measures to secure their data. We also recommend that Honda establish a bug bounty program to encourage security researchers to report vulnerabilities responsibly.

ARRL Confirms Explosive Cyberattack: Ransomware Gang Successfully Steals Crucial Data

The American Radio Relay League (ARRL) has confirmed that a ransomware attack in April resulted in cybercriminals stealing sensitive data. The incident highlights the importance of strong cybersecurity measures and regular data backups for organizations to prevent such attacks and protect sensitive information.

ARRL Confirms Data Breach Following Ransomware Attack

The American Radio Relay League (ARRL) recently confirmed that some of its employees’ data was stolen during a ransomware attack in May. Initially described as a “serious incident,” the ARRL, the National Association for Amateur Radio, has since sent data breach notifications to impacted individuals.

On May 14, the attackers breached and encrypted ARRL’s computer systems, prompting the organization to take the impacted systems offline. They also sought external forensic experts to assess the attack’s impact.

A “Sophisticated Ransomware Incident”

In early June, it was revealed that a “malicious international cyber group” had perpetrated a “sophisticated network attack” on the ARRL’s systems. The organization informed individuals whose data was stolen that the unauthorized third party may have acquired their personal information during the incident.

The ARRL has taken all reasonable steps to prevent the further publication or distribution of the stolen data and is working with federal law enforcement to investigate the matter. Impacted data may have included personal information such as names, addresses, and social security numbers.

In a filing with the Office of Maine’s Attorney General, the organization claims that this data breach only affected 150 employees.

Free Identity Monitoring Offered

Although the ARRL has found no evidence that the stolen personal information was misused, they have decided to provide those impacted by this data breach with 24 months of free identity monitoring through Kroll. This decision was made out of “an abundance of caution.”

Who’s Behind the Attack?

The ARRL has not linked the attack to a specific ransomware gang, but sources informed IT Services that the Embargo ransomware operation was responsible for the incident. The group first surfaced in May and has since added only eight victims to its dark web leak site. Some have already been removed, likely because they paid a ransom. However, the ARRL has yet to be listed.

In the breach notifications, the ARRL stated that they have taken “all reasonable steps to prevent your data from being further published or distributed.” This statement suggests that a ransom may have been paid to prevent the data from being leaked.

Firstmac Limited, the largest non-bank lender in Australia, is one of the victims who had over 500GB of stolen data leaked on Embargo’s website.

What’s Next?

As ransomware attacks continue to increase in frequency and sophistication, it’s essential for individuals and organizations to be vigilant and proactive in their cybersecurity efforts. If you want to learn more about protecting your data and staying ahead of cyber threats, we invite you to contact us and keep coming back for the latest information and insights.

Massive Data Breach: 200,000 Individuals’ Information Compromised in 2023 Ransomware Attack

Dallas County, Iowa, experienced a ransomware attack in 2023, resulting in the exposure of data belonging to 200,000 individuals. The breach affected personally identifiable information, including Social Security numbers, names, and addresses. Protect your information from cyber threats with secure passwords and regular software updates.

Imagine living in Dallas County, Texas, the second-largest county in the Lone Star State with over 2.6 million residents. Now, picture over 200,000 of those people receiving a notification about their personal data being exposed to cybercriminals due to the Play ransomware attack in October 2023. It’s a chilling thought, isn’t it?

That’s precisely what happened when the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on its systems, including private documents from various departments. Dallas officials acknowledged the incident a few days later, assuring the public they were reviewing the leaked data when Play published it in early November.

As the leaked data review took a lot of time and people were concerned, Dallas set up a dedicated call center in January 2024. Fast forward to yesterday when Dallas County posted an update about the incident on its website and sent data breach notices to 201,404 impacted individuals, including Dallas residents, employees, and others who interacted with its public services.

The types of data confirmed to have been exposed vary per individual and include the following:

  • Full name
  • Social Security number (SSN)
  • Date of birth
  • Driver’s license
  • State identification number
  • Taxpayer identification number
  • Medical information
  • Health insurance information

Those whose SSNs and taxpayer identification numbers were exposed will receive two years of credit monitoring and identity theft protection services. While these services can help, it’s crucial that everyone takes their cybersecurity seriously.

In response to the breach, Dallas County has implemented several security-strengthening measures on its networks, including deploying Endpoint Detection and Response (EDR) solutions across all servers, forcing password resets, and blocking malicious/suspicious IP addresses.

What’s going on with Dallas’ cybersecurity?

Unfortunately, this isn’t the first time Dallas County and the City of Dallas have faced cybersecurity incidents. In November 2023, a Dallas County employee fell victim to a social engineering attack by business email compromise (BEC) scammers and sent a fraudulent payment of $2,400,000.

Earlier in May 2023, the City of Dallas suffered a breach from Royal ransomware, which forced it to take offline parts of its IT infrastructure, including police communications. We learned at the time that Royal was printing ransom notices on the City’s printers, which had fallen under the attackers’ control. It was later established that Royal operators leveraged stolen account credentials to maintain access to the compromised systems between April 7 and May 4, during which they exfiltrated over 1 TB of data.

These incidents serve as a stark reminder that we must all take cybersecurity seriously. It’s not just about protecting our personal information but also about safeguarding the essential services and infrastructure we rely on every day.

Don’t wait for a ransomware attack to happen to you or your community. Contact us to learn more about how we can help you prevent cybersecurity incidents and keep your data safe. And remember, always come back to learn more about the latest cybersecurity news and tips.

Massive Data Breach at Advance Auto Parts: 2.3 Million Customers Impacted by Cyber Attack

Advance Auto Parts has suffered a data breach, potentially affecting 2.3 million customers. The exposed data includes names, addresses, email addresses, phone numbers, and payment card information. The company is offering free credit monitoring services to impacted individuals and is working closely with law enforcement and cybersecurity experts to investigate the incident.

Picture yourself driving down the highway, enjoying the freedom of the open road when suddenly, your car starts making strange noises. It’s a nightmare for any driver, but it’s also a situation that millions of people find themselves in every year. When that happens, many turn to Advance Auto Parts for help. Unfortunately, a recent cybersecurity incident has left over 2.3 million people with a new set of worries.

Advance Auto Parts, a leading automotive parts provider with a presence in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands, has recently been hit by a massive data breach. On June 5, 2024, a cybercriminal known as ‘Sp1d3r’ claimed to have stolen a 3TB database containing 380 million customer records, orders, transaction details, and other sensitive information from the company.

While Advance Auto Parts confirmed the breach on June 19, they initially stated that it only impacted current and former employees and job applicants. However, as their internal investigation progressed, it became clear that the number of people affected was much larger than initially thought.

A Widespread Impact

According to the breach notification samples submitted to authorities, unauthorized access to Advance Auto Parts’ Snowflake environment occurred over a month, from April 14, 2024, to May 24, 2024. Ultimately, the breach impacted 2,316,591 people, including current and former employees, as well as job applicants.

The stolen data included full names, Social Security numbers (SSNs), driver’s licenses, and government ID numbers. The company collects this information as part of its job application process, and the compromised cloud database contained the sensitive data of those affected.

Although the cybercriminal claimed to have stolen 380 million records, the actual number of affected individuals is significantly lower. Additionally, the data types exposed in the breach are not as extensive as what the criminal initially advertised for sale. However, it is still a cause for concern for those impacted by the breach.

Protecting Yourself and Your Data

Advance Auto Parts is offering 12 months of complimentary identity theft protection and credit monitoring services through Experian for those affected by the breach. Individuals have until October 1, 2024, to enroll in these services. The company advises potentially impacted individuals to be vigilant for unsolicited communications, monitor their accounts closely, activate fraud alerts, and consider placing a credit freeze.

We contacted Advance Auto Parts to inquire about customer information exposure, but no comment was immediately available. However, it is essential for everyone to remain vigilant and educate themselves on cybersecurity best practices. This incident is a reminder that we must all take cybersecurity seriously and do everything we can to protect our personal information.

Stay Informed and Stay Safe

As cybersecurity experts, we understand the importance of staying informed about the latest threats and best practices for safeguarding your data. That’s why we encourage you to reach out to us and keep coming back to learn more about how to protect yourself and your information in this ever-evolving digital world. Remember, knowledge is power, and staying informed is the first step in keeping your data secure.

Copyright © 2023 IT Services Network.