Black Basta group claims ransomware attack on U.S. vegetables producer Furmano’s

Pennsylvania-based raw vegetables producer Furmano’s said a major ransomware attack it experienced in October compromised the sensitive personal data of an undisclosed number of customers and employees.

 

Founded in 1921, Furmano’s is a leading producer of tomatoes, beans, vegetables and ancient grains for the food service and retail industries.

 

In a cyber security incident notice filed with the Attorney General of Massachusetts, Furmano’s said that on October 10, it experienced network issues that affected the function and availability of its internal network and computer systems.

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident, took steps to contain the impact and notified relevant law enforcement about the incident.

 

“With the help of an expert remediation team, we ultimately determined the cause of the issue was a ransomware attack perpetrated by a third party,” Furmano’s said.

 

“Despite doing everything we could to prevent it, it is possible that some of your personal information was accessed and disclosed by the unauthorised third party who initiated the ransomware attack against us,” it added.

 

The company’s investigation revealed that the compromised data included names, addresses, and Social Security numbers. The company is yet to share the number of affected individuals.

 

While Furmano’s found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services through NortonLifeLock to all affected individuals.

 

Recently, the infamous Black Basta ransomware group claimed responsibility for the ransomware attack on Furmano’s and listed it as a victim on its data leak site. 

 

The group gave the company a week to meet its ransom demand, threatened to leak the stolen data if the ransom isn’t paid. It is unclear if the company negotiated with the ransomware group.