Cyber Incident Victim: MBA Group

Date:

Mar 2021

Location:

United Kingdom

Summary

MBA Group, a UK-based print services provider, experienced a cyber attack attributed to the REvil (Sodinokibi) ransomware group, disrupting operations at its London and Warrington facilities. The incident left the company's phone systems inoperable; the company said it aimed to restore services by the end of that week. The attack fits a broader concern that threat actors are deliberately targeting third-party firms that support financial institutions.


Description

MBA Group, a UK-based print services provider with operations in London and Warrington, experienced a disruptive cyber attack around March 30, 2021. The incident halted normal business operations at both sites, rendering phone lines inoperable and forcing the company to work on restoring its systems. Sales director Kevin Stewart issued a public statement indicating that the organization aimed to resolve the situation by the end of that week, but no technical details about the attack vector or the compromised systems were disclosed. External analysis of dark-web activity attributed the attack to the REvil ransomware group, also known as Sodinokibi. Because the company had not responded to media inquiries by the time of reporting, several aspects of the incident remained unconfirmed, including the full scope of data access or encryption and the precise recovery timeline.

The attack occurred amid broader concerns that threat actors were deliberately targeting third-party service providers to financial institutions, seeking indirect access to sensitive banking or customer data through the supply chain. MBA Group's disruption had immediate, visible consequences: non-functional phone systems and unspecified delays in service delivery. During the initial reporting period no public evidence confirmed whether client data had been exfiltrated or whether a ransom demand had been made. The company's recovery efforts focused on restoring operational continuity, with no disclosure of containment measures, forensic investigation, or coordination with law enforcement. The incident underscores the exposure of business support providers, and by extension their financial-sector clients, to established ransomware groups.
