Andy Frain Services breach exposes data of over 100,000 people

American private security company Andy Frain Services said a data security incident it suffered last year compromised the sensitive personal information of more than 100,000 individuals.

 

Headquartered in Aurora, Illinois, with offices throughout the U.S and internationally in Canada, China and England, Andy Frain Services offers security personnel for major events and facilities. Its clientele includes the NFL, NBA, NHL, MLB, Kentucky Derby, US Golf Open, and more.

 

In a data security incident notice filed with the Office of Maine Attorney General, AFS said that on October 23, it identified suspicious activity within its internal network. The security company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“We secured and remediated the compromise, engaged additional third-party experts, hardened and enhanced our data security, and commenced an investigation. We have worked diligently to determine what happened and what information could have been compromised,” AFS said.

 

The compromised data included names and other personal identifiers along with Social Security Numbers. The filing with the Maine state regulator also states that at least 100,964 individuals were impacted by the incident.

 

“We take this incident seriously and are committed to the strength of our systems’ security to prevent a similar event from occurring in the future. We are also focused on continuous awareness training and assessment of our data security. We have cooperated with law enforcement regarding this incident,” AFS added.

 

While the private security company found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through CyEx to all affected individuals.

 

 

In November, the BlackBasta ransomware group claimed responsibility for the cyber attack on AFS and listed it as a victim on its data leak site. The group alleged it had stolen 750GB of sensitive data and threatened to release it publicly unless the company paid a ransom.