Cyber Incident Victim: TIC International Corporation
Date:
Mar 2022
Location:
United States of America
Summary
TIC International Corporation experienced a ransomware attack by the Conti criminal group, resulting in unauthorized access to sensitive consumer data including names, addresses, and Social Security numbers. The insurance plan administrator secured its network, engaged cybersecurity experts, and reported the incident to law enforcement before completing a review of compromised files. Affected individuals were notified following the investigation, with the breach impacting at least 1,989 victims in Texas alone. Conti, identified as a prolific Russian-linked ransomware operation, has historically targeted numerous organizations for financial gain through data encryption and extortion tactics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 30, 2022, TIC International Corporation experienced a network disruption that was subsequently identified as a Conti ransomware attack conducted by a Russian criminal organization. The company reported the incident to the Federal Bureau of Investigation, secured its network, and engaged cybersecurity experts to investigate the breach. The investigation confirmed unauthorized access to documents containing sensitive consumer information, including names, addresses, and Social Security numbers. TIC completed its review of affected files on August 22, 2022, determining the scope of compromised data but not disclosing the total number of impacted individuals beyond the 1,989 victims identified in Texas. The company began mailing data breach notifications to affected parties on September 13, 2022, concurrently reporting the incident to the Texas Attorney General's office. Conti ransomware group, active since 2020, had targeted over 1,000 organizations by August 2022 and accumulated more than $180 million in ransom payments, prompting the U.S. government to offer a $10 million reward for information on key members.
The breach exposed personally identifiable information that could facilitate identity theft and financial fraud against affected consumers. TIC International Corporation, a Carmel, Indiana-based insurance plan administrator with four Midwestern offices and $19 million annual revenue, administers health, pension, and 401(k) benefit funds for employers and insurers. Ransomware attacks like this incident typically involve encryption of victim data followed by extortion demands, with Conti increasingly threatening to publish stolen data on the dark web if ransoms remain unpaid. The Identity Theft Resource Center documented a 103% increase in ransomware attacks from 2020 to 2021, affecting over 41 million people in 2021 alone. TIC's response included network security measures, forensic investigation, victim identification through document review, and regulatory compliance through breach notifications. No information was disclosed regarding whether ransom demands were made, paid, or whether data was published by attackers.