Chattanooga Area Chamber of Commerce

The Chattanooga Area Chamber of Commerce, also known as the Tennessee area Chamber of Commerce, experienced a ransomware attack on December 9, 2021. This incident compromised the organization's systems and potentially exposed member emails, passwords, and publicly available business details. Hackers claimed to have exfiltrated 77 gigabytes of sensitive internal data, including employee lists, financial records, payroll information, W-2 forms, and accounting documents, which they advertised for sale online. The organization confirmed that forensic investigations were ongoing but stated it does not store member financial or payment data. While a sample of the advertised data included signatures, budgets, and investor contacts, the accuracy of these claims remained unverified. Members were advised to update critical passwords due to risks associated with reused credentials across multiple platforms.

Cybersecurity experts emphasized the severity of the breach, noting the sensitive nature of the allegedly stolen information such as payroll and W-2 forms. The chamber's response included notifying members and conducting forensic analysis, though the full extent of data compromise was not confirmed. The incident highlighted vulnerabilities in organizational cybersecurity practices, particularly regarding the protection of employee and financial records. The chamber's statement about not storing payment data aimed to reassure members but did not address the broader risks from other exposed information. The sale of purported internal documents online underscored the potential for long-term data misuse. This event served as a cautionary example for similar business support organizations handling sensitive member and employee data. The chamber's handling of the breach, including member communication and investigation efforts, became a point of reference for incident response in the sector. Despite the unverified claims by hackers, the reported data types indicated a significant compromise of confidential business and personal information. The attack on the Chattanooga Area Chamber of Commerce illustrated the targeting of community business organizations by cybercriminals seeking valuable data for extortion or sale.