German IT Firm CITYCOMP Data Breach Directly Affected Major Companies

Threat actors disclosed lots of financial data belonging to big firms online. The hacker gathered this data from German IT company CITYCOMP that provides services to numerous major organizations. These records from the CITYCOMP data breach surfaced online after the hackers failed to blackmail the victim firm.

Customer Records Stolen In CITYCOMP Data Breach

As disclosed by the firm itself, the German IT company CITYCOMP suffered a data breach following a failed ransom demand. The incident has affected several big names from the industry since the victim firm provided services to them.

The company has stated the details of the CITYCOMP data breach in its official statement. As revealed, the firm suffered the cyber attack in April 2019. The unidentified attacker blackmailed the firm to publish the stolen data should the company not comply with its demand for ransom. Since the firm did not accept his demands, the attacker published the breached data.

“A still unknown perpetrator has stolen customer data of CITYCOMP and threatened the company with the publication, should it not comply with the blackmail attempt… Since CITYCOMP does not comply with blackmail the publication of customer data could not be prevented.”

According to The Register, the breached data is available on the deep web with a .onion domain. Regarding the published data, the attacker has claimed to have information about all CITYCOMP clients. As stated on that website by the attacker,

“312,570 files in 51,025 folders, over 516 Gb of data financial and private information on all clients, include VAG, Ericsson, Leica, MAN, Toshiba, UniCredit, and British Telecom (BT).”

The other victims of this incident include Grohe, ATOS, Hugo Boss, Porsche, SAP, and Oracle. The exposed data contains details such as names, email address, contact numbers, meeting notes with clients, IT equipment inventories (model numbers, serial numbers, specifications). It also includes some financial details such as project sheets, payroll records, and accountancy statements.

Security Measures Taken

The hacker, who goes by the handle Boris Bullet-Dodger confirmed that they had demanded a ransom of $5000 from CITYCOMP. As stated in the attacker’s email, they specifically targeted CITYCOMP due to the company’s ‘awful’ security system. According to the attacker, the firm initially planned to pay the ransom, but later refused.

“At the beginning of our communication, they [CityComp] agreed that they will pay for our work and we will help them to eliminate vulnerabilities in their network, but they deceived us.”

Whereas, CITYCOMP has clearly mentioned in its statement that they never comply with blackmail.

“As a trustworthy and professional service provider, CITYCOMP does not comply with blackmail and works with law enforcement whenever a crime has been committed.”

The company has confirmed that they have duly informed the law enforcement agencies of the matter. They involved experts to contain the matter.

“CITYCOMP with the help and support of external experts and the State Criminal Police Office of Baden-Württemberg successfully fended off the attack and implemented supplementary security measures of all systems. The incident analysis of Deutor Cyber Security Solutions GmbH, G DATA Advanced Analytics GmbH and the Federal State Police Baden-Württemberg showed that at no point any indication for a risk of further infection of customer and partner systems.”

They have also implemented robust security measures to protect their systems to avoid such incidents in future. Besides, they have also duly informed their customers of the matter.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients