Advertise With Us
About Us
Listen
Watch

Login

/

Subscribe

Home

News

Carnival

Business

Sports

E-Paper

Features

Opinion

Traffic Cameras

Life

Classifieds

Death Notices

Community

Real Estate

About Us

Contact Us

Home
News
Carnival
Sports
E-paper
Business
Classifieds
Other
Death Notices
Traffic Cameras
Covid-19
Features
Opinion
Games
Subscriptions
Real Estate

Massy Stores investigates cyber attack information leak

by

#meta[ag-author]
Joel Julien
20221020073202
20221019

Massy Stores is cur­rent­ly in­ves­ti­gat­ing claims that an in­ter­na­tion­al ran­somware group has dumped over 700,000 its files, re­veal­ing the per­son­al in­for­ma­tion of staff and cus­tomers fol­low­ing a hack at­tack ear­li­er this year.

A cy­ber­se­cu­ri­ty ex­pert who ver­i­fied the doc­u­ments has re­vealed that the Hive Ran­somware group has dumped 87,550 fold­er and 704,047 cor­po­rate files, al­leged­ly be­long­ing to Massy Stores.

The ex­pert de­scribed it as “the largest Caribbean da­ta breach dump to date.”

Guardian Me­dia Ltd has been able to down­load sev­er­al of the doc­u­ments which in­clud­ed wire trans­fer in­for­ma­tion, in­voic­es, cus­tomer ac­count num­bers and iden­ti­fi­ca­tion.

On April 28, Massy Stores con­firmed that it was the tar­get of a cy­ber­se­cu­ri­ty at­tack which led to the tech­ni­cal dif­fi­cul­ties ex­pe­ri­enced at all of its stores across the coun­try.

“The com­pa­ny took im­me­di­ate ac­tion, sus­pend­ing all cus­tomer-fac­ing sys­tems, and has been work­ing with third par­ty ex­perts to re­solve the sit­u­a­tion. Back­up servers were not af­fect­ed and the tech­ni­cal team is ac­tive­ly work­ing with the ex­pert teams to re­store the sys­tem safe­ly and in the short­est time pos­si­ble,” Massy stat­ed in a re­lease then.

“The com­pa­ny is not aware of any ev­i­dence at this time that any cus­tomer, sup­pli­er or em­ploy­ee da­ta has been com­pro­mised or mis­used as a re­sult of the sit­u­a­tion,” it stat­ed.

On its dark web­site Hive stat­ed that it ex­e­cut­ed en­cryp­tion on da­ta on Massy Stores’ serves at 9.37 am on April 28.

How­ev­er it has now been re­vealed that more than five months af­ter that hack­ing in­ci­dent a da­ta dump has oc­curred on the Hive dark web­site.

That da­ta dump took place on Tues­day.

The hack­ers pub­licly dumped staff salaries, pho­tos, per­son­al de­tails, copies of cus­tomers’ pass­ports as well as in­ter­nal au­dit doc­u­ments and oth­er fi­nan­cial in­for­ma­tion from the com­pa­ny.

Al­though the at­tack ac­tu­al­ly hap­pened in April the hack­ers are said to have “rinsed” the da­ta by go­ing through it to see what they could have ben­e­fit­ed from be­fore re­leas­ing it.

“Nor­mal­ly they would re­lease it much soon­er, usu­al­ly with­in two weeks, but I think be­cause of the kind of in­for­ma­tion they got it took them a while be­cause the hack­er group I be­lieve that they went through the da­ta re­ceived to see what they could ben­e­fit from be­fore re­leas­ing it to the pub­lic. So I think that is why they took so long,” the ex­pert stat­ed.

It is be­lieved that the da­ta re­leased in the dump was used to ef­fect an­oth­er ram­somware at­tack on the Massy group.

Five days af­ter the da­ta dump Massy Ja­maica Dis­tri­b­u­tion Ltd was the vic­tim of a re­cent ran­somware at­tack.

Fol­low­ing that at­tack 17 gi­ga­bytes of da­ta from Massy Ja­maica Dis­tri­b­u­tion Ltd was dumped on the in­ter­net on Oc­to­ber 9.

It is be­lieved that oth­er at­tacks may oc­cur as a re­sult of the da­ta dump.

Ac­cord­ing to the ex­pert the dump­ing of the da­ta sug­gests that Massy Stores may not have paid the pay the ran­som which caused the da­ta dump on the dark web.

By yes­ter­day the web­page was re­moved to down­load the files. The ex­pert stat­ed that this sit­u­a­tion pos­si­bly meant that Massy Stores had even­tu­al­ly paid the ran­som be­cuase the hack­ers had re­moved the web page to down­load the com­pa­ny’s files.

How­ev­er the di­rect link to the files on the serv­er was still ac­ces­si­ble.

“Based on the da­ta ex­posed, it can be used for iden­ti­ty theft, fraud and oth­er ma­li­cious pur­pos­es,” the ex­pert stat­ed.

The ex­pert said Massy Stores will need to in­form those who have been af­fect­ed.

“The com­pa­ny will need to tell them. They would not know un­less the com­pa­ny tells them. So the first thing should be that the com­pa­ny should dis­close if da­ta was ex­posed,” the ex­pert stat­ed.

“It might not be re­al­is­tic for them to tell every­one in­di­vid­u­al­ly who was af­fect­ed but they will have to make a gen­er­al state­ment and warn cus­tomers and staff to be ex­tra vig­i­lant, the ex­pert stat­ed.

The ex­pert said Massy can­not put its head in the sand with re­spect to this sit­u­a­tion as doc­u­ments bear­ing the com­pa­ny’s mark­ings in­clud­ing PDF and scanned doc­u­ments are now avail­able on the dark web.

“It’s not hearsay you can ac­tu­al­ly see it. The doc­u­ments are valid,” the ex­pert stat­ed.

The ex­pert stat­ed that every sin­gle em­ploy­ee both past and present as well as sup­pli­ers need to as­sess any pre­vi­ous cy­ber at­tacks, fraud they might have ex­pe­ri­enced.

“What is most wor­ry­ing is that so far there is no pub­lic ad­mis­sion of the de­c­la­ra­tion of the stolen files by the vic­tim com­pa­ny which comes down to the top­ic of ethics,” the ex­pert stat­ed.

“Should such a large scale da­ta dump of peo­ple’s per­son­al da­ta be kept pri­vate from the pub­lic or vic­tims de­spite da­ta pro­tec­tion laws re­quir­ing de­c­la­ra­tion?” the ex­pert stat­ed.

When con­tact­ed for com­ment on the is­sue Can­dace Ali, as­sis­tant vice pres­i­dent, mar­ket­ing and com­mu­ni­ca­tions for Massy Stores said the sit­u­a­tion was be­ing in­ves­ti­gat­ed.

“We can­not con­firm the ac­cu­ra­cy of this in­for­ma­tion at this time. We will fur­ther ad­vise on our find­ings, once we have more in­for­ma­tion com­ing out of our in­ves­ti­ga­tions,” Ali stat­ed.

Hive, which was first ob­served in June 2021, is an af­fil­i­ate-based ran­somware vari­ant used by cy­ber­crim­i­nals to con­duct ran­somware at­tacks.

Hive is built for dis­tri­b­u­tion in a ran­somware-as-a-ser­vice mod­el that en­ables af­fil­i­ates to utilise it as de­sired.

The hack­ers pub­licly dumped the fol­low­ing for the en­tire in­ter­net to ac­cess:

87,550 fold­ers and 704,047 files.

Fi­nance (ac­counts re­ceiv­able, ac­counts payable, bud­get, bank­ing, fi­nan­cial state­ments, in­ter­nal au­dits)

HR (staff pho­tos, sur­veys, staff list­ings, job de­scrip­tions, events, claims, per­son­al da­ta)

Op­er­a­tions (month­ly pay­roll up to April 2022, store au­dits, store per­for­mance, bud­gets)

Prop­er­ty man­age­ment (strate­gic man­age­ment doc­u­ments)

Client Back­ups (back­ups of da­ta on end-users’ sys­tems)

Copies of peo­ple’s pass­ports.


Click HERE to Login

Want FREE access to all our content? Sign up HERE!

Tagged in:

Responses

Related articles

Sponsored

Weather

PORT OF SPAIN WEATHER

Sponsored

Trending

Acting CoP suspends officer in traffic warden viral video
Nine Vindra Naipaul-Coolman murder accused to receive $20M from State
Cop captured in social media row with Traffic Warden suspended
Harewood-Christopher in pole position for CoP job
State must pay $20m for failed Naipaul-Coolman case
President sends Erla Christopher's name to Parliament for CoP nominee debate
Griffith silent on Kamla’s call for unity: PDP, Duke, some ex-UNC MPs not interested
Highest-ranking name for new Police Commissioner delivered to President
Piarco records the lowest temperature in January in 10 years
US resident held with ammo in Piarco airport
Today's
Guardian
View
Subscribe

Publications

Hungry Ghosts

Hungry Ghosts

Hungry Ghosts

Hungry Ghosts

Pain, power and poison...a review of Hungry Ghosts by Kevin Jared Hosein

20230126132207
2022 TS Eliot Prize winner Anthony Joseph as he reads from his winning collection of poems Sonnets for Albert at the award ceremony in London on January 16.

2022 TS Eliot Prize winner Anthony Joseph as he reads from his winning collection of poems Sonnets for Albert at the award ceremony in London on January 16.

Adrian Pope

2022 TS Eliot Prize winner Anthony Joseph as he reads from his winning collection of poems Sonnets for Albert at the award ceremony in London on January 16.

2022 TS Eliot Prize winner Anthony Joseph as he reads from his winning collection of poems Sonnets for Albert at the award ceremony in London on January 16.

Adrian Pope

2022 TS Eliot poetry prize winner memorialises 'charismatic' father

20230126141654

Numbness in your feet?

20230123072450

Your walking gear matters!

20230116101944
Created by potrace 1.15, written by Peter Selinger 2001-2017

News

Business

Sports

Life

Opinion

Tobago Today

Classifieds

Death Notices

Subscriptions

Real Estate

Categories

News
Business
Sports
Features
Opinion
Traffic Cameras
Death Notices

INFORMATION

About Us
Contact Us
Advertise With Us
Privacy Policy
Subscriptions
Terms of Services

Digital Media

The Big Board Company.
Real Estate
Classifieds

TELEVISION

CNC3 Television

RADIO

951 Remix
Sangeet 106.1 FM
Sky 99.5FM
Slam 100.5 FM
Vibe CT 105 FM
Mix 90.1 FM (Guyana)
Freedom 106.5 FM

About Us

Guardian Media is the premier provider of multimedia solutions and authoritative insight on news, politics, business, finance, sports, and current affairs. Our brand portfolio includes CNC3, Guardian, TBC Radio Network and The Big Board Company.

Contact us

Send us an e-mail here or call us at +1-(868)-225-4465

Follow us