Massy Stores is currently investigating claims that an international ransomware group has dumped over 700,000 its files, revealing the personal information of staff and customers following a hack attack earlier this year.
A cybersecurity expert who verified the documents has revealed that the Hive Ransomware group has dumped 87,550 folder and 704,047 corporate files, allegedly belonging to Massy Stores.
The expert described it as “the largest Caribbean data breach dump to date.”
Guardian Media Ltd has been able to download several of the documents which included wire transfer information, invoices, customer account numbers and identification.
On April 28, Massy Stores confirmed that it was the target of a cybersecurity attack which led to the technical difficulties experienced at all of its stores across the country.
“The company took immediate action, suspending all customer-facing systems, and has been working with third party experts to resolve the situation. Backup servers were not affected and the technical team is actively working with the expert teams to restore the system safely and in the shortest time possible,” Massy stated in a release then.
“The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation,” it stated.
On its dark website Hive stated that it executed encryption on data on Massy Stores’ serves at 9.37 am on April 28.
However it has now been revealed that more than five months after that hacking incident a data dump has occurred on the Hive dark website.
That data dump took place on Tuesday.
The hackers publicly dumped staff salaries, photos, personal details, copies of customers’ passports as well as internal audit documents and other financial information from the company.
Although the attack actually happened in April the hackers are said to have “rinsed” the data by going through it to see what they could have benefited from before releasing it.
“Normally they would release it much sooner, usually within two weeks, but I think because of the kind of information they got it took them a while because the hacker group I believe that they went through the data received to see what they could benefit from before releasing it to the public. So I think that is why they took so long,” the expert stated.
It is believed that the data released in the dump was used to effect another ramsomware attack on the Massy group.
Five days after the data dump Massy Jamaica Distribution Ltd was the victim of a recent ransomware attack.
Following that attack 17 gigabytes of data from Massy Jamaica Distribution Ltd was dumped on the internet on October 9.
It is believed that other attacks may occur as a result of the data dump.
According to the expert the dumping of the data suggests that Massy Stores may not have paid the pay the ransom which caused the data dump on the dark web.
By yesterday the webpage was removed to download the files. The expert stated that this situation possibly meant that Massy Stores had eventually paid the ransom becuase the hackers had removed the web page to download the company’s files.
However the direct link to the files on the server was still accessible.
“Based on the data exposed, it can be used for identity theft, fraud and other malicious purposes,” the expert stated.
The expert said Massy Stores will need to inform those who have been affected.
“The company will need to tell them. They would not know unless the company tells them. So the first thing should be that the company should disclose if data was exposed,” the expert stated.
“It might not be realistic for them to tell everyone individually who was affected but they will have to make a general statement and warn customers and staff to be extra vigilant, the expert stated.
The expert said Massy cannot put its head in the sand with respect to this situation as documents bearing the company’s markings including PDF and scanned documents are now available on the dark web.
“It’s not hearsay you can actually see it. The documents are valid,” the expert stated.
The expert stated that every single employee both past and present as well as suppliers need to assess any previous cyber attacks, fraud they might have experienced.
“What is most worrying is that so far there is no public admission of the declaration of the stolen files by the victim company which comes down to the topic of ethics,” the expert stated.
“Should such a large scale data dump of people’s personal data be kept private from the public or victims despite data protection laws requiring declaration?” the expert stated.
When contacted for comment on the issue Candace Ali, assistant vice president, marketing and communications for Massy Stores said the situation was being investigated.
“We cannot confirm the accuracy of this information at this time. We will further advise on our findings, once we have more information coming out of our investigations,” Ali stated.
Hive, which was first observed in June 2021, is an affiliate-based ransomware variant used by cybercriminals to conduct ransomware attacks.
Hive is built for distribution in a ransomware-as-a-service model that enables affiliates to utilise it as desired.
The hackers publicly dumped the following for the entire internet to access:
87,550 folders and 704,047 files.
Finance (accounts receivable, accounts payable, budget, banking, financial statements, internal audits)
HR (staff photos, surveys, staff listings, job descriptions, events, claims, personal data)
Operations (monthly payroll up to April 2022, store audits, store performance, budgets)
Property management (strategic management documents)
Client Backups (backups of data on end-users’ systems)
Copies of people’s passports.
