Connect with us


Johnson Controls Suffers $27 Million Loss in Devastating Ransomware Attack, Confidential Data Stolen

Johnson Controls has reported a $27 million loss due to a ransomware attack. The company confirmed data theft, including sensitive information, and has taken measures to prevent further attacks. Learn more about the incident and the cybersecurity steps Johnson Controls is implementing to protect its operations.



Johnson Controls logo in front of a building, showcasing their commitment to protecting confidential data in the face of potential ransomware attacks.

Picture this: a multinational conglomerate with a hand in everything from industrial control systems to fire safety equipment suffers a ransomware attack that costs the company $27 million and leads to a major data breach. Sounds like a nightmare, right? Well, that’s exactly what happened to Johnson Controls International in September 2023.

A ransomware attack that shook the company to its core

It all started when hackers breached Johnson Controls’ Asia offices, then spread throughout the company’s network. This forced the firm to shut down large portions of its IT infrastructure, affecting customer-facing systems.

Behind the attack was the Dark Angels ransomware gang, which claimed to have stolen over 27 TB of confidential data from Johnson Controls. The hackers demanded a whopping $51 million ransom to delete the data and provide a file decryptor.

For some context, the Dark Angels ransomware gang was launched in May 2022, using encryptors based on the leaked source code of the now-defunct Babuk and Ragnar Locker operations.

Johnson Controls finally comes clean

Initially, Johnson Controls acknowledged a service disruption and attributed the cause to a “cybersecurity incident,” but didn’t provide details on the type of the attack or the possibility of it having caused a data breach.

However, in a quarterly report filed with the U.S. Securities and Exchange Commission (SEC) in January 2024, the company confirmed that the cyberattack they suffered was a ransomware attack that resulted in the theft of data.

Even more troubling, Johnson Controls revealed that the expenses associated with responding to and remediating the cyberattack amounted to $27 million. And they expect this cost to rise in the coming months as they continue to determine what data was stolen and work with external cybersecurity forensics and remediation experts.

What’s next for Johnson Controls?

Based on the information to date, Johnson Controls is confident that the unauthorized activity has been fully contained, and its digital products and services, including OpenBlue and Metasys, are all available.

But this incident serves as a stark reminder of the importance of cybersecurity and the potential consequences of falling victim to a ransomware attack.

Don’t let your company become the next Johnson Controls

With cyberattacks on the rise, it’s crucial for businesses of all sizes to prioritize cybersecurity and invest in robust solutions to protect their data, networks, and systems. That’s where we come in. Our IT Services can help you safeguard your company’s digital assets and stay ahead of the constantly evolving threat landscape.

So don’t wait for a cyberattack to cripple your business. Contact us today to learn more about our expertise in cybersecurity and how we can help you protect your company’s valuable data and systems. And remember, it’s better to be proactive than reactive when it comes to cybersecurity.


ALPHV Ransomware Strikes: LoanDepot and Prudential Financial Suffer Devastating Breaches

AlphV ransomware operators claim to have breached loanDepot and Prudential Financial, allegedly exfiltrating sensitive data. Both companies are investigating the incidents, emphasizing the need for strong cybersecurity measures in the finance sector. Learn more about the AlphV ransomware group’s attack methods and the potential impact on these financial institutions.



A man in a hoodie with a laptop in front of a city, representing the growing threat of ALPHV Ransomware.

A Recent Cybersecurity Breach: What Happened?

Did you hear about the recent ransomware attack on Prudential Financial and loanDepot? The ALPHV/Blackcat cyber gang has claimed responsibility for these breaches. The two companies were recently added to ALPHV’s dark web leak site, and the cybercriminals have some unsettling plans.

For loanDepot, the attackers plan to sell the stolen data, while for Prudential, they intend to release the data for free after failed negotiations. Let’s take a closer look at the impact of these breaches on the companies and their customers.

loanDepot: Mortgage Lender in Trouble

loanDepot, one of the largest U.S. nonbank retail mortgage lenders, confirmed a ransomware attack on January 8th. At least 16.6 million people had their personal information stolen in this attack. The company has since announced that it will notify those impacted and provide them with free credit monitoring and identity protection services.

Prudential Financial: Employee and Contractor Data Stolen

Prudential Financial, the second-largest life insurance company in the U.S., also fell victim to a network breach. The company revealed that a suspected cybercrime group breached its network on February 4th and stole employee and contractor data. So far, there’s no evidence that customer or client data was also stolen, but an ongoing investigation is assessing the full scope and impact of the incident.

Who’s Behind This?

The ALPHV gang, believed to be a rebrand of the DarkSide and BlackMatter ransomware operations, is responsible for these attacks. You might remember this group from the notorious Colonial Pipeline attack, which led to extensive investigations by law enforcement agencies worldwide. The gang has since gone through two rebrands.

A Call to Action: Stop ALPHV

The U.S. State Department recently announced rewards of up to $10 million for tips that could lead to the identification or location of ALPHV gang leaders. Additionally, a $5 million reward is offered for information on individuals linked to or attempting to participate in ALPHV ransomware attacks.

The FBI has linked the group to over 60 breaches worldwide during its first four months of activity. They estimate that ALPHV has raked in at least $300 million in ransom payments from over 1,000 victims until September 2023.

What Can We Learn From This?

These recent breaches serve as a stark reminder of the importance of cybersecurity for businesses and individuals alike. The threats posed by cybercriminals are ever-evolving, and staying informed is key to protecting yourself and your data.

At IT Services, we’re committed to keeping you updated on the latest cybersecurity news and helping you stay protected. Don’t hesitate to contact us for guidance and support. And remember, keep coming back to learn more about how to stay safe in the digital world!

Continue Reading


Integris Health Reveals Massive Data Breach Affecting 2.4 Million Patients: Urgent Update

Integris Health has reported a data breach that impacted 2.4 million patients. The breach was linked to the theft of an employee’s laptop and two hard drives, which contained personal data such as names, addresses, and medical information. Integris has not yet announced any plans to provide identity theft protection to affected patients.



A nurse at Integris Health is walking down a hallway, attending to patients.

A Massive Data Breach Hits Oklahoma’s Largest Healthcare Network

Integris Health, Oklahoma’s largest not-for-profit healthcare network, recently revealed the extent of a data breach it suffered last November. The breach exposed the personal information of nearly 2.4 million people, making it a significant incident that demands attention.

Patients Receive Extortion Emails as a Result of the Breach

In December 2023, Integris Health confirmed it had suffered a cyberattack after patients started receiving extortion emails. These emails contained sensitive personal information and threatened that the stolen data would be sold to other cybercriminals unless the healthcare organization met the attacker’s demands by January 5, 2024.

Interestingly, the attackers claimed that their attack did not involve encryption, and they only stole the data. As a result, Integris Health’s network remained functional, allowing them to continue providing services to patients.

Stolen Patient Data Available on the Dark Web

The emails that patients received included accurate information and linked to a website on the Tor network hosting the stolen details. However, access to this information was not free. Visitors could either pay $50 and take the attacker’s word that their details would be removed, or pay $3 to view information belonging to any other impacted individual.

What Kind of Data Was Leaked?

In a recent notification, Integris Health confirmed the types of patient data impacted by the breach:

  • Full name
  • Date of birth
  • Contact information
  • Demographic information
  • Social Security Number (SSN)

Fortunately, the leaked data did not involve employment information, driver’s licenses, account credentials (usernames and passwords), or financial information.

A Dark Web Marketplace and the Number of Affected Patients

The attackers claimed they were selling data for 2.3 million Integris patients on a dark web marketplace. However, the U.S. Department of HHS Office for Civil Rights (OCR) portal now shows that the number of impacted Integris Health patients is actually 2,385,646.

What’s Next for the Affected Patients?

Integris Health says all affected patients will receive individual notifications. They encourage recipients to remain vigilant and report any identity theft or fraud attempts as soon as possible.

The organization has also published an FAQ in the form of a PDF that offers additional information about the incident, its impact on patients, and protective steps they can take.

Be Prepared for the Aftermath

It’s essential to remember that the deadline set by the threat actor for Integris Health to pay a ransom has long passed, meaning the stolen data has likely been sold or shared with other cybercriminals. These criminals could use the information for various scams, phishing, or other types of attacks.

Stay Informed and Stay Protected

As an IT Services expert, we’re here to help you stay informed about cybersecurity threats and offer guidance on how to protect yourself and your organization. Contact us to keep learning more and ensure you’re prepared for the ever-evolving landscape of cybersecurity.

Continue Reading


Bank of America Alerts Clients of Data Breach Following Devastating Vendor Hack

Bank of America (BoA) has issued a data breach warning to customers after a third-party vendor suffered a cyber attack. BoA disclosed that customers’ Paycheck Protection Program (PPP) loan application data was exposed, including contact information and Social Security numbers. BoA is offering free identity theft protection services to affected customers.



A Bank of America sign against a backdrop of a blue sky.

Bank of America warns customers of data breach

Imagine you’re settling in for the evening, ready to unwind after a long day at work, and you receive an email from your bank. The subject line reads “Important: Data Breach Notification.” Your heart sinks. What’s going on? Well, that’s the situation many Bank of America customers are currently facing after the bank recently warned them of a data breach that exposed their personal information due to a service provider getting hacked last year.

The exposed data includes names, addresses, social security numbers, dates of birth, and financial information, such as account and credit card numbers. While the exact number of affected customers remains undisclosed, Infosys McCamish Systems (IMS), the vendor whose systems were compromised, reported that 57,028 individuals had their data exposed in the incident. To put this into perspective, Bank of America serves approximately 69 million clients across the globe.

How did this happen?

IMS, a subsidiary of IT consulting giant Infosys, experienced a cybersecurity event in early November 2023 when an unauthorized third party accessed its systems. This resulted in the non-availability of certain IMS applications, and on November 24, IMS informed Bank of America that data concerning deferred compensation plans serviced by the bank may have been compromised. It’s essential to note that Bank of America’s own systems were not breached in this incident.

Unfortunately, it is unlikely that we’ll ever know for sure what personal information was accessed during this breach at IMS.

The LockBit ransomware attack on IMS

So who’s behind this attack? The LockBit ransomware gang claimed responsibility for the IMS breach, stating that its operators encrypted over 2,000 systems during the attack. Since its emergence in September 2019, the LockBit ransomware-as-a-service (RaaS) operation has targeted many high-profile organizations.

In June, cybersecurity authorities in the United States and partners worldwide released a joint advisory estimating that the LockBit gang has extorted at least $91 million from U.S. organizations following roughly 1,700 attacks since 2020.

What’s next?

As a Bank of America customer, or any bank customer for that matter, you might be wondering what you can do to protect yourself from such incidents in the future. While the banks and their service providers should take the utmost precautions to safeguard your data, there’s no harm in taking some steps on your own to ensure your information remains secure.

Regularly monitor your account statements for any suspicious activity, strengthen your passwords, and be cautious about sharing personal information online. You can also consider using credit monitoring services to stay informed about any potential identity theft threats.

Stay informed and stay protected

At IT Services, we understand how important it is to stay updated on the latest cybersecurity threats and best practices. That’s why we’re committed to keeping you informed and providing expert advice to help keep your personal data secure.

So why not stay connected with us? Together, we can navigate the ever-evolving cybersecurity landscape and work towards a more secure digital future. Contact us or keep coming back to learn more about how you can protect yourself and your data from cyber threats.

Continue Reading


Copyright © 2023 IT Services Network.