Cyber Incident Victim: OmegaNet

On May 28, 2014, malware was inserted into OmegaNet's systems, enabling unauthorized capture of information before it underwent encryption. The breach remained undetected until June 16, 2014, when OmegaNet received customer reports of unusual activity on corporate credit cards, triggering their investigation. Within eight days of confirming the incident, OmegaNet notified all affected customers on June 24, 2014, though the method of notification was not specified. The company subsequently engaged legal counsel to formally report the incident to the New Hampshire Attorney General’s Office, disclosing that 10 businesses within the state were impacted. Attackers exploited the malware to intercept sensitive data during processing, though the specific data types and extraction methods were not detailed in regulatory filings. OmegaNet did not publicly identify the malware variant or the initial attack vector used for infiltration.

The breach affected multiple business clients of OmegaNet, including Dennis East International (DEI), which independently notified its own customers following OmegaNet’s disclosure. While OmegaNet’s public client list suggested a broader potential impact, the company did not disclose the total number of affected businesses or individuals beyond the confirmed New Hampshire cases. A supplemental notification was issued to customers on August 5, 2014, though its content and purpose were not elaborated in the state filing. Corporate credit card misuse represented the only confirmed consequence documented in customer complaints. OmegaNet’s notifications omitted details about mitigation services offered to victims, such as credit monitoring or identity theft protection. The company’s public communications did not address whether encryption was bypassed or compromised during the data capture phase of the attack.