Morley Companies Inc. announced a data breach following a ransomware attack on August 1st, 2021. The incident enabled threat actors to grab data before encrypting files. Morley is a US organization that provides meeting management, back-office processing, contact centers, trade show display design, and other services to Fortune 500 and Global 100 companies.
Morley Companies stated in recent notices that on August 1st, 2021, they were the victim of a ransomware attack that rendered their data inaccessible. Following an investigation, the firm discovered that the threat actors took the personal information of 521,046 people, including details from Morley’s employees, contractors, and clients.
“As a result, Morley learned that additional data may have been obtained from its digital environment,” explained Morley’s security incident notification. “Morley thereafter began collecting contact information needed to provide notice to potentially affected individuals, which was completed in early 2022.”
Even though the firm’s investigation hasn’t found evidence of harmful use of the stolen data, Morley will reimburse the cost of 24 months of IDX identity theft protection for all those impacted. Those affected will be notified and given guidance on participating in IDX’s program.
Morley said they had to hire a cybersecurity expert to figure out why they couldn’t access their files anymore. When they discovered the source of the problem, which turned out to be a ransomware outbreak, they enlisted the help of professionals in the area to examine the data and identify all the affected parties.
“Special programming was required and unique processes had to be built in order to begin analyzing the data. The data complexity also required special processes to search for and identify key information,” clarifies a notification filed with Maine’s Office of the Attorney General. “This process was lengthy but necessary to ensure appropriate notification occurred. On January 18, 2022, it was confirmed that your information was involved. Importantly, Morley Companies is not aware of any misuse of your personal information due to this incident.”
Although this appears to be encouraging, the cyber-intelligence platform HackNotice claims to have discovered Morley’s data on the dark web only last week. This is usually a warning that the information will be exploited by other threat actors in future attacks, such as targeted phishing.