B&K Issues Cyber-attack Notice

Security

Data belonging to an Illinois-based accountancy firm has been exposed in a cyber-attack. 

Bansley and Kiener, which is also known as B&K, is a 99-year-old full-service accounting firm headquartered in Chicago. 

Earlier this month, B&K issued a security notice stating that it had been successfully targeted by cyber-criminals using ransomware a year ago. 

“On December 10, 2020, B&K identified a data security incident that resulted in the encryption of certain systems within our environment,” stated B&K in its security notice. 

Upon discovering the digital incursion, the firm took steps to halt the ransomware’s spread and to recover data that had been encrypted in the attack. B&K also beefed up its cybersecurity measures. 

Believing the malware to be contained, the firm set out to determine how the incident had occurred and whether any data had been stolen by the attack’s perpetrators. 

Initially, B&K believed that none of its data had fallen into the hands of the cyber-criminals behind the attack, but the firm found out later that this was not the case. 

“B&K addressed the incident, made upgrades to certain aspects of our computer security, restored the impacted systems from recent backups, and resumed normal operation,” said the firm. 

“We believed at the time that the incident was fully contained and did not find any evidence that information had been exfiltrated from our environment. On May 24, 2021, we were made aware that certain information had been exfiltrated from our environment by an unauthorized person.”

After hearing the bad news, B&K launched an investigation, engaging the services of a cybersecurity firm to discover more about the attack’s impact. 

A year on from the attack, the accountancy firm said it “cannot confirm specifically what information, if any, was viewed by the unauthorized person” who accessed its IT systems.

However, B&K did state that on August 24, investigators were able to confirm that information present on the firm’s systems at the time of the ransomware attack “included names and Social Security numbers.”

The incident has been reported to the HHS’ Office for Civil Rights in four reports as affecting a total of 70,941 individuals.

Products You May Like

Articles You May Like

THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 23-29)
NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk
U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes
Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud
Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

Leave a Reply

Your email address will not be published. Required fields are marked *