Accellion data breach: Difference between revisions
added and remove incidents |
Added more incidents |
||
| Line 17: | Line 17: | ||
[[File:Hacker group last warning message.png|thumb|Hacker group last warning message]] | [[File:Hacker group last warning message.png|thumb|Hacker group last warning message]] | ||
==List of responses from affected organizations <!-- This contains only companies having any resemblance to consumers -->== | ==List of responses from affected organizations<!-- This contains only companies having any resemblance to consumers -->== | ||
Companies began being informed of the breach around January through March, later releasing statments about the incident. Several companies decided to terminate their agreements with Accellion and collaborate with law enforcement and other companies, while also reach out to potentially affected customers. <ref>{{Cite web |last=Panettieri |first=Joe |date=14 January 2022 |title=Accellion Vulnerabilities, Cyberattacks, Victims, Lawsuits: Customer List and Status Updates |url=https://www.msspalert.com/news/accellion-vulnerabilities-victim-list |url-status=live |access-date=26 March 2026 |website=MSSP Alert}}</ref> <ref>{{Cite web |last=Firch |first=Jason |date=14 May 2024 |title=Accellion Data Breach: What Happened & Who Was Impacted? |url=https://purplesec.us/breach-report/accellion-data-breach/ |url-status=live |access-date=26 March 2026 |website=Purplesec}}</ref> | Companies began being informed of the breach around January through March, later releasing statments about the incident. Several companies decided to terminate their agreements with Accellion and collaborate with law enforcement and other companies, while also reach out to potentially affected customers.<ref>{{Cite web |last=Panettieri |first=Joe |date=14 January 2022 |title=Accellion Vulnerabilities, Cyberattacks, Victims, Lawsuits: Customer List and Status Updates |url=https://www.msspalert.com/news/accellion-vulnerabilities-victim-list |url-status=live |access-date=26 March 2026 |website=MSSP Alert}}</ref><ref>{{Cite web |last=Firch |first=Jason |date=14 May 2024 |title=Accellion Data Breach: What Happened & Who Was Impacted? |url=https://purplesec.us/breach-report/accellion-data-breach/ |url-status=live |access-date=26 March 2026 |website=Purplesec}}</ref> | ||
===Singtel=== | ===Singtel=== | ||
| Line 32: | Line 32: | ||
On 22 January, the city was first alerted of the incident by unknown sources, however the city issued a response on April 2021.<ref>{{Cite web |date=30 April 2021 |title=Toronto hit by ‘potential cyber breach’ from Accellion file transfer software |url=https://databreaches.net/2021/04/30/toronto-hit-by-potential-cyber-breach-from-accellion-file-transfer-software/ |url-status=live |access-date=27 March 2026 |website=Databreaches.net}}</ref> When asked, a spokesperson responded by claiming "“It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required." it was reported that around 35,000 citizens information was affected in the attack, however the city didn't receive a ransom email, leading to some speculation in the community of the meaning of the silence.<ref>{{Cite web |last=Woodward |first=Jon |date=30 December 2021 |title=Toronto feared 35,000 citizens' data would be made public after cyberattack: documents |url=https://www.ctvnews.ca/toronto/article/toronto-feared-35000-citizens-data-would-be-made-public-after-cyberattack-documents/ |url-status=live |access-date=26 March 2026 |website=CTV News}}</ref><ref>{{Cite web |last=Adriano |first=Lyle |date=3 May 2021 |title=Toronto reveals potential cyber breach |url=https://www.insurancebusinessmag.com/ca/news/cyber/toronto-reveals-potential-cyber-breach-253921.aspx |url-status=live |access-date=26 March 2026 |website=Insurance Business}}</ref> | On 22 January, the city was first alerted of the incident by unknown sources, however the city issued a response on April 2021.<ref>{{Cite web |date=30 April 2021 |title=Toronto hit by ‘potential cyber breach’ from Accellion file transfer software |url=https://databreaches.net/2021/04/30/toronto-hit-by-potential-cyber-breach-from-accellion-file-transfer-software/ |url-status=live |access-date=27 March 2026 |website=Databreaches.net}}</ref> When asked, a spokesperson responded by claiming "“It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required." it was reported that around 35,000 citizens information was affected in the attack, however the city didn't receive a ransom email, leading to some speculation in the community of the meaning of the silence.<ref>{{Cite web |last=Woodward |first=Jon |date=30 December 2021 |title=Toronto feared 35,000 citizens' data would be made public after cyberattack: documents |url=https://www.ctvnews.ca/toronto/article/toronto-feared-35000-citizens-data-would-be-made-public-after-cyberattack-documents/ |url-status=live |access-date=26 March 2026 |website=CTV News}}</ref><ref>{{Cite web |last=Adriano |first=Lyle |date=3 May 2021 |title=Toronto reveals potential cyber breach |url=https://www.insurancebusinessmag.com/ca/news/cyber/toronto-reveals-potential-cyber-breach-253921.aspx |url-status=live |access-date=26 March 2026 |website=Insurance Business}}</ref> | ||
=== CXS === | ===CXS=== | ||
On 02 May, CXS made a statement highlighting the incident only leaking current and past employees personal information. The company didn't provide much details surrounding the incident in regards to customers or specific type of information, only saying “''To date, this incident has had no impact on business operations or our ability to serve our customers''".<ref>{{Cite web |date=2 March 2021 |title=CSX probes ‘security incident’ as hackers leak data |url=https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data |url-status=live |access-date=27 March 2026 |website=Freightwaves}}</ref><ref>{{Cite web |last=Lester |first=David |date=3 March 2021 |title=CSX suffers data exposure by hackers |url=https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ |url-status=live |access-date=26 March 2026 |website=RT&S}}</ref> | On 02 May, CXS made a statement highlighting the incident only leaking current and past employees personal information. The company didn't provide much details surrounding the incident in regards to customers or specific type of information, only saying “''To date, this incident has had no impact on business operations or our ability to serve our customers''".<ref>{{Cite web |date=2 March 2021 |title=CSX probes ‘security incident’ as hackers leak data |url=https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data |url-status=live |access-date=27 March 2026 |website=Freightwaves}}</ref><ref>{{Cite web |last=Lester |first=David |date=3 March 2021 |title=CSX suffers data exposure by hackers |url=https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ |url-status=live |access-date=26 March 2026 |website=RT&S}}</ref> | ||
| Line 63: | Line 63: | ||
===California Health & Wellness=== | ===California Health & Wellness=== | ||
California Health & Wellness became aware of the attack after being alerted from Accellion on 25 January, which upon notice immediately conducted an investigation alongside Accellion.<ref>{{Cite web |last=Adler |first=Steve |date=6 April 2021 |title=More Than 1.2 Million Health Net Members Affected by Accellion Cyberattack |url=https://www.hipaajournal.com/more-than-1-2-million-health-net-members-affected-by-accellion-cyberattack/ |url-status=live |access-date=28 March 2026 |website=The Hippa Journal}}</ref> In a statement released on ---, California Health & Wellness confirmed customers address, date of birth, insurance ID number, and related health information was compromised. The company announced plan to cease operation of Accellion software and gave affected customers 1 year identity protection service with IDX membership.<ref>{{Cite web |date=29 March 2026 |title=Notice of Data Breach |url=https://oag.ca.gov/system/files/California%20Health%20%26%20Wellness%20-%20Accellion%20Breach%20Notice%20Letter.pdfhttps://oag.ca.gov/system/files/California%20Health%20%26%20Wellness%20-%20Accellion%20Breach%20Notice%20Letter.pdf |url-status=live |access-date=29 March 2026 |website=ca.gov}}</ref> | |||
===Arizona Complete Health=== | ===Arizona Complete Health=== | ||
Arizona Complete Health released a statement on 26 February, confirming around 27,000 customers addresses, date of birth, insurance ID numbers, and medical conditions, were compromised after being informed of the attack on 25 January, The company announced it would cease operation of Accellion systems, removing all related data associated, and provide affected customers 1 year of credit monitoring services.<ref>{{Cite web |last=Drees |first=Jackie |date=18 March 2021 |title=Ransomware attack exposes 27,000+ Arizona health plan members’ data for 2.5 weeks |url=https://www.beckershospitalreview.com/healthcare-information-technology/cybersecurity/ransomware-attack-exposes-27-000-arizona-health-plan-members-data-for-2-5-weeks/ |url-status=live |access-date=29 March 2026 |website=beckershospitalreview.com}}</ref><ref>{{Cite web |date=26 February 2021 |title=Arizona Complete Health (AzCH) received information that one of our business partners was a victim of a cyber-attack. |url=https://www.azcompletehealth.com/newsroom/cyber-accellion.html |url-status=live |archive-url=https://web.archive.org/web/20210318182004/https://www.azcompletehealth.com/newsroom/cyber-accellion.html |archive-date=18 March 2021 |access-date=29 March 2026 |website=Arizona Complete Health}}</ref> | |||
===Goodwin Procter=== | ===Goodwin Procter=== | ||
{{Incomplete section}} | |||
===Jones Day=== | ===Jones Day=== | ||
The company provided little information regarding the attack, with only responding in a statement made to the Wall Street Journal that it was affected by the attack. Allegedly, there was plan to arrange an agreement between CLOP, however the company went silent, resulting in releasing information about Jones Day clients. The hacker organization CLOP responded to the company's silence;<ref>{{Cite web |date=16 February 2021 |title=Jones Day disputes claimed breach; points to hacked vendor; hacker points back to them (UPDATE2) |url=https://databreaches.net/2021/02/16/jones-day-disputes-claimed-breach-points-to-hacked-vendor-hacker-points-back-to-them/ |url-status=live |access-date=29 March 2026 |website=DataBreaches.net}}</ref><ref>{{Cite web |last=Koebler |first=Jason |last2=Cox |first2=Joseph |last3=Bicchierai |first3=Lorenzo |date=16 February 2021 |title=Hacker Leaks Files from Jones Day Law Firm, Which Worked on Trump Election Challenges |url=https://www.vice.com/en/article/hacker-leaks-files-from-jones-day-law-firm-which-represented-trump-in-election-challenges/ |url-status=live |access-date=29 March 2026 |website=Vice}}</ref><ref>{{Cite web |date=13 February 2021 |title=Threat actors claim to have stolen Jones Day files; law firm remains quiet |url=https://databreaches.net/2021/02/13/threat-actors-claim-to-have-stolen-jones-day-files-law-firm-remains-quiet/ |url-status=live |access-date=29 March 2026 |website=DataBreaches.net}}</ref><blockquote>''" we hacked their server where the Accellion was and took the data from there, we spammed all over the company and all over the contact sheet they repeatedly entered the chat and were silent"''</blockquote> | |||
===CalViva Health=== | === CalViva Health === | ||
The company sent an email to affected customers on 24 March after being informed by Accellion on 25 January. It lists customers Addresses, date of birth, insurance ID Number, and health information were compromised. The company announced discontinuation of Accellion services and gave affected customers 1 year IDX membership.<ref>{{Cite web |date=24 March 2021 |title=Notice of Data Breach |url=https://oag.ca.gov/system/files/CalViva%20-%20%20Accellion%20Breach%20Notice%20Letter.pdf |url-status=live |access-date=29 March 2026 |website=oag.ca.gov}}</ref> | |||
==Lawsuit== | ==Lawsuit== | ||