Security

B&K Issues Cyber-attack Notice

Data belonging to an Illinois-based accountancy firm has been exposed in a cyber-attack. 

Bansley and Kiener, which is also known as B&K, is a 99-year-old full-service accounting firm headquartered in Chicago. 

Earlier this month, B&K issued a security notice stating that it had been successfully targeted by cyber-criminals using ransomware a year ago. 

“On December 10, 2020, B&K identified a data security incident that resulted in the encryption of certain systems within our environment,” stated B&K in its security notice. 

Upon discovering the digital incursion, the firm took steps to halt the ransomware’s spread and to recover data that had been encrypted in the attack. B&K also beefed up its cybersecurity measures. 

Believing the malware to be contained, the firm set out to determine how the incident had occurred and whether any data had been stolen by the attack’s perpetrators. 

Initially, B&K believed that none of its data had fallen into the hands of the cyber-criminals behind the attack, but the firm found out later that this was not the case. 

“B&K addressed the incident, made upgrades to certain aspects of our computer security, restored the impacted systems from recent backups, and resumed normal operation,” said the firm. 

“We believed at the time that the incident was fully contained and did not find any evidence that information had been exfiltrated from our environment. On May 24, 2021, we were made aware that certain information had been exfiltrated from our environment by an unauthorized person.”

After hearing the bad news, B&K launched an investigation, engaging the services of a cybersecurity firm to discover more about the attack’s impact. 

A year on from the attack, the accountancy firm said it “cannot confirm specifically what information, if any, was viewed by the unauthorized person” who accessed its IT systems.

However, B&K did state that on August 24, investigators were able to confirm that information present on the firm’s systems at the time of the ransomware attack “included names and Social Security numbers.”

The incident has been reported to the HHS’ Office for Civil Rights in four reports as affecting a total of 70,941 individuals.

Articles You May Like

Airrow is automating battery and payload swapping for drones
Late-stage tech companies must do right by their employees: Reassess your 409A valuations
Wondermed pulls $4,600K out of a hole to ply you with ketamine
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
#InfosecurityEurope2022: The Interactivity Between Nation-State Attackers and Organized Crime Gangs

Leave a Reply

Your email address will not be published.