ARRL has officially confirmed that some of its employees’ data was stolen during the May ransomware attack.
The American Radio Relay League stated in recent data breach notifications sent to those affected that it identified a sophisticated ransomware incident after a threat group breached and encrypted its computer systems on May 14.
After detecting the hack, ARRL isolated the affected systems to contain the situation and contacted external forensic experts to examine the attack’s impact. In early June, it was also announced that a malicious international cybercriminal organisation had breached its systems in a sophisticated operation.
ARRL warned potentially affected individuals that an unauthorised third party may have obtained their personal information during the incident. However, it assured them that it had taken all reasonable precautions to prevent their data from being exposed or misused.
ARRL has also contacted federal law enforcement authorities to help with the investigation. The impacted data may include personal information such as names, addresses, and social security numbers.
ARRL initially reported in a complaint that there are only 150 affected individuals.
ARRL filed a complaint with the Maine Attorney General’s Office this week, alleging that the data breach affected only 150 employees.
Although the organisation discovered no evidence that the stolen personal information was misused, it provided people affected by the data breach with two years of free identity monitoring. ARRL has not identified a specific ransomware group that infiltrated its systems, but other researchers claimed that the attackers belong to the Embargo ransomware operation.
However, this ransomware gang only appeared in May and has since added just eight victims to its leak site, and ARRL has yet to be listed among them.
On the other hand, ARRL said in the breach notices that it had taken all reasonable measures to prevent the compromised data from being further published or distributed. This detail could imply that the organisation is in an ongoing transaction with the attackers to keep the data from leaking to the public.