Cyber Incident Victim: VOXX International
Date: Jun 2020
Location: United States of America
Summary
VOXX International experienced a ransomware attack that encrypted certain devices and involved unauthorized access to file servers over several weeks, compromising sensitive data. The breach affected current and former employees, contractors, and their dependents or beneficiaries enrolled in U.S. health or benefit plans, exposing names, addresses, Social Security numbers, financial account details, and health insurance information. The company engaged cybersecurity experts, restored operations, and initiated notifications alongside complimentary credit monitoring services for impacted individuals. Additional security enhancements, including endpoint threat detection tools, were implemented following the incident.
Description
On July 7, 2020, VOXX International Corporation detected a ransomware incident that encrypted data on certain devices within its network. The company immediately initiated an investigation with the assistance of a cybersecurity firm and implemented measures to contain the incident and restore normal operations. Forensic analysis revealed that unauthorized actors had accessed files stored on VOXX file servers during a five-week period prior to the encryption event, specifically between June 4, 2020, and July 7, 2020. This preliminary investigation established that the attackers first gained access to company systems more than a month before deploying the ransomware payload that disrupted operations. The encryption event served as the detection point, prompting the response that uncovered the broader timeline of unauthorized access.

VOXX completed a comprehensive review of affected file servers on September 1, 2020, confirming the compromised data included sensitive personal information of current and former employees, contractors, and their dependents and beneficiaries enrolled in U.S.-based health and benefit plans between 2000 and 2020. The exposed records contained multiple data elements including full names, physical addresses, email addresses, dates of birth, Social Security numbers, financial account numbers, and health insurance information. The company initiated notification procedures for affected individuals, though it acknowledged challenges in contacting all potential victims due to outdated address records. VOXX offered complimentary credit monitoring through Experian’s IdentityWorks service to mitigate potential identity theft risks. Concurrently, the organization implemented enhanced security measures across its network, including deployment of an endpoint threat detection and response system to improve future incident detection capabilities. The incident exposed two decades’ worth of sensitive employee and dependent information through compromised file servers that remained accessible to attackers for over a month before detection.
