Data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen. They said: “Citycomp has been hacked and blackmailed and the attack is ongoing. We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”
If you are a #CityComp customer: pic.twitter.com/pu32f9eQbP
— @derPUPE@chaos.social (@derPUPE) April 30, 2019
Hackers have attacked hosting firm #Citycomp – which provides services to a number of valuable clients, including #Oracle, #Volkswagen, and #Airbus – and released #financial and personal #data from all those companies: https://t.co/D5ODWpslUz via @motherboard #hackers
— SecurEnvoy Data Discovery (@GeoLangLtd) May 1, 2019
Experts Comments
Warren Poschman, Senior Solutions Architect at comforte AG:
“The data breach at CITYCOMP underscores that data theft for ransom isn’t dead and won’t be anytime soon. Although in most other regions outside of Latin America the focus is instead on ransomware as an attack, and theft of data is typically associated with identity theft or credit card fraud, mayhem and good old extortion are real world threats. Organizations looking to ensure that their data is protected regardless of its location or posession should look to adopt a data-centric security model which ensures that no matter where the data is stored, moved, used or even lost, it is protected and secure – something that could have likely made the CITYCOMP breach a non-event. The right security strategy should protect from both the expected and unexpected!”
Dan Tuchler, CMO at SecurityFirst:
“It’s difficult to protect data, especially with the complicated network of interactions between companies and their many suppliers. In this case the victim, CITYCOMP, has taken necessary steps after the attack and has been transparent about reporting it. But the damage is done – the data is released, and CITYCOMP and their customers have taken a blow to their reputations. Organizations need to not only ensure that their data is secure but also take steps to evaluate the security posture of their suppliers. This is not easy, but is vitally important. Suppliers must be ready to demonstrate that they have locked their critical data, provided access controls, and done a thorough security audit.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.