Cyber Incident Victim: BLK Sport
Date: Apr 2021
Location: Australia
Summary
BLK Sport experienced a ransomware attack attributed to the DarkSide group. Because of the attackers' operational patterns, sensitive information was potentially compromised. The breach may have exposed customer and supplier data, including names, addresses, contact details, contractual agreements, order histories, and supplier bank account information, though the organization could not definitively confirm data exfiltration. Systems hosted externally, such as the online ordering platform storing usernames, passwords, and payment details, remained unaffected; however, information transmitted via email was identified as a possible exposure vector.
Description
On April 21, 2021, BLK Sport experienced a cyberattack attributed to the DarkSide ransomware group. The company publicly disclosed the incident on May 26, 2021, confirming unauthorized access to their systems. While BLK Sport could not definitively confirm data exfiltration occurred during the breach, they stated it must be assumed due to DarkSide's established operational patterns of stealing information prior to deploying ransomware. The potentially compromised data included extensive customer details such as names, physical addresses, contact information (phone numbers, email addresses), contract specifics, and order histories. Supplier information was similarly affected, with exposed records containing names, addresses, representative contact details, contractual agreements, order data, and bank account information. BLK Sport emphasized that entities providing goods or services to the company were included in this supplier data exposure. The breach notification indicated the attackers targeted information stored within BLK's internal systems during the intrusion period.

BLK Sport clarified that systems operating on external servers remained unaffected, specifically highlighting its online ordering platform as uncompromised. Usernames, passwords, and payment card details entered into that external system were therefore not part of the exposure. However, the company acknowledged that information transmitted via email communications might have been accessed during the attack. Following containment of the breach, BLK Sport initiated incident response protocols including forensic investigations to assess intrusion pathways and data exposure scope. It issued formal notifications to customers and suppliers outlining the potential compromise of their information while maintaining transparency about the inability to conclusively determine data theft. No evidence suggested misuse of the potentially accessed data at the time of disclosure, though the company continued monitoring for related fraudulent activity.
