Cyber Incident Victim: Security Industry Specialists
Date: Jun 2020
Location: United States of America
Summary
A security firm experienced a malware attack that encrypted systems and rendered devices inaccessible, prompting an investigation which revealed unauthorized access to network folders and files. Personal information, including names combined with financial account or card numbers alongside security credentials like PINs or passwords, was compromised in the breach. The incident impacted 36,762 individuals, who were notified despite no evidence of data misuse; the firm offered affected parties 12 months of identity monitoring services. Forensic and data mining experts assisted in determining the scope of accessed files and identifying impacted individuals.
Description
On June 1, 2020, Security Industry Specialists (SIS) discovered a cybersecurity incident when certain systems and devices became inaccessible and encrypted. The company immediately engaged an independent forensics firm to investigate the disruption. By June 26, 2020, the investigation revealed that an unauthorized actor had accessed multiple folders and files on SIS’s network. SIS subsequently hired a data mining firm to analyze the compromised files and identify affected individuals. This analysis concluded on January 19, 2021, when SIS confirmed that personal information was present in the accessed files. The exposed data included individuals’ names or other personal identifiers combined with financial account numbers, credit/debit card numbers, and associated security credentials such as PINs, passwords, or access codes. The forensic timeline indicated the attacker leveraged malware to encrypt systems, though specific malware variants or initial attack vectors weren’t disclosed publicly. SIS did not identify evidence suggesting misuse of the stolen data but initiated notification procedures based on regulatory requirements and precautionary measures.

SIS notified 36,762 affected individuals through mailed communications, offering 12 months of complimentary identity monitoring services via Kroll. The company emphasized transparency in its breach disclosures but declined to provide additional details about the ransomware strain or operational impacts when queried by media outlets. Internal response actions included containment of compromised systems, forensic analysis to determine access scope, and third-party validation of exposed data types. No public statements addressed whether SIS restored systems from backups or paid ransom demands. The incident exposed financial data vulnerabilities but resulted in no confirmed fraudulent activity tied to the breach at the time of disclosure. Notification letters reiterated SIS’s commitment to security improvements while acknowledging the absence of misuse evidence.
