Cyber Incident Victim: Frost & Sullivan
Date: Jun 2020
Location: United States of America
Summary
A business consulting firm experienced a breach when an unsecured backup directory on a public-facing server exposed confidential data, which was subsequently advertised for sale on a hacking forum by the KelvinSecurity Team. The compromised information included approximately 6,000 customer records containing names, email addresses, and company contacts, alongside 6,146 employee records with more sensitive details such as login credentials and hashed passwords. The attackers claimed they attempted to notify the organization without success before listing the data, though they asserted no actual sale occurred, intending instead to prompt remediation. The exposed backup folder was later secured, preventing further unauthorized access.
Description
On June 24, 2020, cybersecurity reports revealed that business consulting firm Frost & Sullivan suffered a data breach involving unauthorized access to sensitive company databases. The incident stemmed from an unsecured backup directory on one of the organization’s public-facing servers, which contained employee and customer records alongside other confidential information. A group identifying itself as KelvinSecurity Team claimed responsibility, advertising the sale of 6,000 customer records and 6,146 company records on a hacker forum. The customer database included non-sensitive details such as client names, email addresses, company contacts, and confidentiality status indicators. The employee database contained more sensitive information, including first and last names, login credentials, email addresses, and hashed passwords. KelvinSecurity described themselves as "Business Intelligence Contractors," though external cybersecurity reports characterized them as a group engaged in illicit activities.

The attackers stated they attempted to contact Frost & Sullivan about the exposed data but received no response, prompting them to list the databases for sale as a method to alert the company. They later clarified they had not actually sold the data and hoped to initiate contact to resolve the issue. Cybersecurity firm Cyble Inc confirmed the backup folder was no longer publicly accessible after the exposure was reported. Frost & Sullivan did not publicly acknowledge the breach or respond to media inquiries regarding the incident. The breach exposed vulnerabilities in the firm’s data storage practices, particularly the misconfiguration of backup directories on internet-facing infrastructure. No further details about containment measures, forensic investigations, or direct impacts on affected individuals were disclosed in available reports.
