[BreachExchange] Customer information from Swedish security firm Gunnebo leaked by hackers

Destry Winant destry at riskbasedsecurity.com
Wed Oct 28 10:35:51 EDT 2020


https://www.reuters.com/article/gunnebo-breach/customer-information-from-swedish-security-firm-gunnebo-leaked-by-hackers-idUSL8N2HI1N3

STOCKHOLM (Reuters) - Swedish security firm Gunnebo said on Tuesday it
was in contact with customers after hackers had released sensitive
information about their accounts after its system was compromised two
months ago.

Gunnebo said in August that it had reported an attack against its
servers to the Swedish Security Service, after external IT-forensics
had concluded that the attack was well organised.

Three security experts told Reuters that large amounts of leaked data
were available for download on the dark web in an 18-gigabyte file,
after Swedish daily Dagens Nyheter (DN) first reported on Tuesday that
information had been released by hackers.

DN said data released included information about security measures for
the Swedish parliament.

One page hosting the download link to the leaked data put up by
hackers and seen by Reuters showed a summary of the content, which
included details on Gunnebo’s financial information, banking details
and passwords and details of customer transactions.

Gunnebo makes entrance control systems for buildings including offices
and airports.

“What has happened is very unfortunate. We have been exposed to very
serious crime,” CEO Stefan Syren told Reuters by phone. “My assessment
is that we have had a good level of security but we need to become
excellent,” he said, adding the firm had engaged an external team to
improve the IT structure, among other things.

DN said the material was uploaded on a public server during the second
half of September. Syren said the attack began on Aug. 18 and the
company had a first indication on Sept. 25 that the data would be
released on a public server but had had no contact with the hackers.

Security experts said the hack was part of a ransomware operation
called “Mount Locker” where hackers attack corporate systems, lock up
computer files and encrypt them, blocking access until a ransom is
paid, usually in cryptocurrency like bitcoin.

The hackers had 38,000 files from the Swedish company, with
information about customers worldwide, including the protection of the
Swedish parliament and drawings of bank vaults, DN reported.

“We are going through the material now and in those cases where
information is sensitive we make contact with the customer,” Syren
told DN.

Gunnebo is currently fielding a bid from investment company Stena
Adactum and private equity firm Altor that values Gunnebo at around
2.4 billion Swedish crowns.

German conglomerate Thyssenkrupp was also a victim of a similar
ransomware attack in August. Thyssenkrupp’s system engineering in
North America received a ransomware threat, a spokeswoman said. “The
company identified and resolved the threat shortly after it was
discovered,” she said.

In 2017, the WannaCry ransomware attack disrupted hospitals and
businesses across the world.

“If a company has been attacked by ransomware, you should already
assume that data was exfiltrated before that,” a security researcher
said. “And when that happens, it’s already too late to really do
anything but damage control.”

The U.S. Treasury said this month that facilitating ransomware
payments to sanctioned hackers may be illegal, signalling a crackdown
on the fast-growing market for consultants who help organizations pay
off cybercriminals.

