CYBER CORNER

WIRELESS CARRIER FACES TWO CONSUMER CLASS ACTIONS FOLLOWING SECOND DATA BREACH

Baughman v. T-Mobile US Inc., Case No. 2:23-cv-00477 (C.D. Cal.) and Cortazal v. T-Mobile US Inc., 3:23-cv-01220 (N.D. Fla.)

Consumers in two states have filed proposed class action lawsuits against a wireless telecommunications carrier alleging harm following a second data breach at the company, which potentially impacted approximately 37 million subscribers. The complaints alleged negligence, unjust enrichment, breach of contract, and invasion of privacy due to disclosure of personal information. An attorney representing one group of consumers called the company’s actions “particularly egregious, as this data breach was highly foreseeable.”


According to the company, it discovered the second breach after learning that an intruder had entered its network. The next day, the company brought in forensics experts who commenced an investigation. The outside investigators were able to locate the source of the breach and halt the further theft of data.


In a disclosure to the Securities and Exchange Commission, the company maintained that it had contained the intrusion, while acknowledging that the investigation was ongoing. The company also stated that any disclosure of data was limited to names, contact information and account numbers, but did not include payment method data or Social Security numbers. Impacted customers are being notified, and the company noted that it might incur “significant expenses” in managing its response to the event. The incident follows a prior breach at the company, which led to a settlement that included compensation to affected individuals and substantial investments in the company’s cybersecurity.

MAJOR RANSOMWARE GANG DISRUPTED BY FBI, FOREIGN LAW ENFORCEMENT

The Federal Bureau of Investigation (FBI), in cooperation with its German and Dutch counterparts, seized servers and websites belonging to Hive, a prominent ransomware crime syndicate, terminating hundreds of extortion threats and saving its victims about $130 million in potential ransom payments, according to a statement released by the U.S. Department of Justice (DOJ).


The announcement was made by Attorney General Merrick Garland at a press conference. Garland indicated that the FBI managed to infiltrate the group and obtained over 300 decryption keys that were distributed to the syndicate’s victims worldwide. According to Garland, the FBI also seized two of the group’s servers pursuant to a court order and worked with European law enforcement agencies to gain access to other servers as well as websites belonging to Hive. The investigation is ongoing, and while no arrests have been made, the FBI continues to pursue the perpetrators. The DOJ is also seeking to seize the group’s cryptocurrency from prior ransom payments and will look to criminally prosecute Hive members where feasible.

Hive employs a business model known as “ransomware-as-a-service,” through which would-be cybercriminals can essentially contract with the gang to help them carry out ransomware attacks for a fee. The “service” is marketed by middlemen who earn a commission for each payment extorted. Hive often utilizes a “double extortion” scheme in which the threat actors not only encrypt the victims’ data but also threaten to disclose it on the gang’s websites. Victims are then coerced into paying a ransom in exchange for the decryption key as well as a commitment by the threat actor not to publish the information that was taken. The DOJ claims that Hive has targeted over 1,500 victims in this fashion, including businesses, schools, and hospitals.