
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident."
ARRL, the National Association for Amateur Radio, said in data breach notifications recently sent to impacted individuals that it detected the "sophisticated ransomware incident" after the attackers breached and encrypted its computer systems on May 14.
After discovering the breach, ARRL took impacted systems offline to contain the incident and hired external forensic experts to help assess the attack's impact.
In early June, it also revealed that its systems were hacked by a "malicious international cyber group" in a "sophisticated network attack."
"Our investigation has determined that the unauthorized third party may have acquired your personal information during this incident," it told individuals whose data was stolen.
"Please know that we have taken all reasonable steps to prevent your data from being further published or distributed, have notified and are working with federal law enforcement to investigate.
"Impacted data may have contained your personal information, including your name, address and social security number."
In a filing with the Office of Maine's Attorney General this week, the organization claims that this data breach only affected 150 employees.
Although ARRL said no evidence was found that the stolen personal information was misused, it still decided to provide those impacted by this data breach with 24 months of free identity monitoring through Kroll out of "an abundance of caution."
ARRL has not linked the attack to a specific ransomware gang, but sources told BleepingComputer that the Embargo ransomware operation was behind this incident.
This ransomware group first surfaced in May and has since added only eight victims to its dark web leak site (some already removed, likely because they paid a ransom), but ARRL has yet to be listed.
ARRL stated in the breach notifications that it has taken "all reasonable steps to prevent your data from being further published or distributed," wording that could be read as an indication that a ransom was paid to keep the stolen data from being leaked.
Firstmac Limited, the largest non-bank lender in Australia, is one of the victims who had over 500GB of stolen data leaked on Embargo's website.

Comments
coldpockets - 2 months ago
Why does ARRL have SSNs?
No1gr8 - 2 months ago
I think they hacked employee info. I doubt they collect SSNs for membership.
Throwdown - 2 months ago
You are correct.
Kcgunesq - 2 months ago
Doesn't surprise me a bit. Hams see themselves as tech masters, but can't figure out how to host an HTTPS website.
CrazyRadioGuy - 2 months ago
This article says absolutely nothing new other than the speculation that it may have been the Embargo ransomware. Hopefully the author did not get paid for this article.
No1gr8 - 2 months ago
Thanks, Sergiu. Good summary. Their language was quite entertaining. Saying categorized as unique by the FBI. Someone probably clicked a bad email and they're making it sound like the biggest underground hacking group went after an org most people never heard of.
Throwdown - 2 months ago
@Kcgunesq Not so much. Some maybe, but most see themselves as tech enthusiasts geared towards radio communications. Radio and website security are far apart especially for the majority of hams who are fairly old.