[BreachExchange] Malware takes down some Pitney Bowes systems

Destry Winant destry at riskbasedsecurity.com
Mon Oct 14 23:22:34 EDT 2019


https://www.scmagazine.com/home/security-news/malware/malware-takes-down-some-pitney-bowes-systems/

Pitney Bowes reported today that it was hit with malware that has made
some files inaccessible, but stopped short of calling it a ransomware
attack.

Pitney Bowes said the attack has encrypted some corporate information
and disrupted customer access to certain services, but at this time
the company does not believe any customer or employee information has
been exfiltrated from its network. Company executives have made no
mention of a ransom being demanded.

“Our technical team is working to restore the affected systems, and it
is working closely with third-party consultants to address this
matter. We are considering all options to expedite this process and we
appreciate our customers’ patience as we work toward a resolution,”
the company said in a statement.

Some of the services affected include the company’s mail-focused
products like postage machines which cannot be refilled, SendPro
Online in the UK and Canada, Your Account and the Pitney Bowes
Supplies web store cannot be accessed. This in turn impacts clients
subscribed to AutoInk and our Supplies App.

Customers with Mail360 and MIPro Licensing products the software and
data marketplace downloads are unavailable.

Pitney Bowes has activated its Enterprise Outage Response Team, which
is working in conjunction with its IT team to rectify the situation,
but at this time there is no ETA for when the systems will be back
online.

Depending upon how well the company maintained back ups of its data,
the recovery could be quite costly as FedEx, Maersk and other
ransomware victims discovered when they were attacked and shut down.

“Costs related to this cyber incident could go up rapidly for Pitney
Bowes: third-party forensic experts, breach notification, loss of
revenue, lawsuits and much more. Cyber security insurance can help
immediately, especially if the cyber policy is up to date with the
number of records to be covered. This is why continuous underwriting
of cyber policies can eliminate any insurability gaps,” said Rajeev
Gupta, co-founder and chief product officer at Cowbell Cyber.


More information about the BreachExchange mailing list