Cyber Incident Victim: Chattanooga Area Chamber of Commerce
Date:
Dec 2021
Location:
United States of America
Summary
A ransomware attack compromised the Chattanooga Area Chamber of Commerce's systems, potentially exposing member emails, passwords, and publicly available business details. Hackers claimed to exfiltrate 77 gigabytes of sensitive internal data, including employee lists, financial records, payroll information, W-2 forms, and accounting documents, advertising it for sale online. The organization confirmed ongoing forensic investigations but stated it does not store member financial or payment data. While the advertised data sample included signatures, budgets, and investor contacts, the accuracy of these claims remained unverified. Members were advised to update critical passwords due to risks from reused credentials across platforms. Cybersecurity experts emphasized the severity of the breach given the sensitive nature of the allegedly stolen information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 9, 2020, the Chattanooga Area Chamber of Commerce experienced a breach of its technology systems, compromising member account credentials and publicly available business information. The Chamber notified its 1,800-2,000 business members on December 13, 2020, warning that member emails and passwords may have been accessed alongside non-sensitive data such as business names and addresses. The organization advised members to change critical passwords due to the common practice of password reuse across multiple platforms, though it explicitly stated it did not store members' financial or payment information. No immediate details about the attack vector or specific compromised systems were disclosed publicly. The Chamber initiated a forensic investigation that remained ongoing as of January 2022, according to Sybil Topel, the organization's vice president for marketing and communications.
Approximately thirteen months after the initial breach, transparency activist Emma Best revealed on January 1, 2022, that a ransomware group claimed possession of 77 gigabytes of data allegedly stolen from the Chamber. Distributed Denial of Secrets, Best's whistleblower organization, published a screenshot showing hackers advertising sensitive materials including W-2 forms (2016-2020), payroll data, internal documents with signatures, employee lists, budget details, investor contact information, accounting files, audits, banking records, and password databases. While Best provided a link to the ransomware group's blog post advertising the data for sale, she cautioned that the claims lacked definitive verification at the time of reporting. Cybersecurity expert Fred Cobb emphasized the critical nature of the exposed data types rather than the data volume, noting the irreversible consequences of such breaches. The Chamber maintained its position that no member financial data was stored in compromised systems, though it did not confirm or deny the legitimacy of the ransomware group's specific data claims.