Gunnebo data breach: Blueprints of bank vaults, security systems leaked online

A cyber attack that struck Swedish security company Gunnebo in August led to the exposure of 38,000 internal documents containing blueprints of bank vaults, security doors, alarm equipment, and security functions for ATMs.

Gunnebo, which offers entrance control, safe storage, cash management, and integrated security solutions to organisations in multiple industries such as finance, retail, and mass transit, said in August that it suffered a cyber attack targeting its IT systems that forced the shutdown of internal servers.

"We can only speculate on what the goal of the attack was, but since it cannot be ruled out that this is an attempt at industrial espionage, it has been important to follow the regulations and we have therefore today reported what happened to Säpo," said Stefan Syrén, President and CEO of Gunnebo.

The company said that as soon as its IT department established that unauthorised persons had tried to enter the company's IT environment, it shut down the servers to isolate the attack. Thanks to the rapid intervention, the operational impact was minimal and operations could be resumed quickly.

Gunnebo owns a number of security product brands, such as Chubbsafes, which offers reliable safes for homes and offices, Hamilton, which offers custom-made security products, and Sallen, which offers secure cash deposit systems to banks and retailers. It is not known if the cyber attack impacted all or some of these brands.

Even though the company did not mention if the cyber attack resulted in the loss of corporate or customer data, Swedish news agency Dagens Nyheter has now confirmed that hackers recently published as many as 38,000 documents online that they stole from Gunnebo.

The leaked documents contained extremely sensitive details such as the blueprints of secretive bank vaults, security doors, alarm equipment, and security functions for ATMs. The documents also included classified drawings of the Swedish Tax Agency’s office in Sundbyberg and information on the protection of the Riksdag, the Swedish Parliament.

These documents, which are freely available to download, can easily be used by criminal gangs to break into security systems at banks, retail stores, and other organisations. They may also expose Gunnebo's intellectual property to rivals and international competitors, thereby seriously jeopardising its business prospects.

Hackers also stole and leaked data owned by a Finnish psychotherapy clinic

The practice of hackers leaking information taken from organisations' IT systems after breaching them is terrifyingly common and is usually seen in cases where organisations refuse to pay a ransom to recover files stolen by hackers. In some cases, information is leaked to jeopardise an organisation's financial viability or to expose its internal practices to the public.

Earlier this week, hackers stole the personal and health records of patients of Vastaamo, a large psychotherapy clinic in Finland that has about 20 branches and thousands of patients across the country. After stealing the data, the hackers began blackmailing patients, asking them to pay €200 (£180) in Bitcoin within 24 hours if they wanted to prevent the publication of their mental health details online.

According to the BBC, the hackers even published around 300 records on the dark web after Vastaamo refused to pay 40 bitcoin (£403,000) in ransom to recover its files. Vastaamo said in a press release that hackers infiltrated its network in November 2018 and accessed or copied data stored in computer systems until March 2019.

"On October 24, the victims - customers and employees of Vastaamo alike - started to receive individual blackmail messages demanding a ransom. If you detect or suspect that your data is being misused or if your data is disseminated online or if you are contacted or blackmailed regarding leaked data, we encourage you to report the offence to the local police department of your residence. If need be, you can ask for guidance from the Office of the Data Protection Ombudsman," the clinic said.

Commenting on hackers leaking sensitive data stolen from organisations, Warren Poschman, senior solutions architect with comforte AG, said if the data had been secured properly using technologies such as tokenisation or format-preserving encryption then the sensitive details would still be secure and worthless as an instrument of blackmail or identity theft.

"The reliance on firewalls, strong authentication, and passive database encryption to protect data is simply not enough – the data itself must be protected to ensure that when attackers gain access, customer and patient data will remain secure and privacy upheld.

"Data-centric security offers the ability to protect data in both a system and database agnostic way that allows organisations to ensure compliance and security no matter who has access to data or where it is shared," he added.
