AmeriGas revealed that a supply-chain cyberattack caused a data breach that affected its employees and one US resident.
AmeriGas is a leading distributor of propane gas in the US. Through its network of over 2,500 locations, it serves almost 2 million customers.
The attackers compromised networks of J. J. Keller, a vendor providing Department of Transportation (DOT) compliance services to AmeriGas. J.J. Keller detected anomalous activity on their systems related to an email account on May 10th. The vendor immediately launched an investigation. The issue was traced back to an employee who fell victim to a phishing email.
Although the breach lasted 8 seconds, during this time, an attacker could have viewed certain files in the employee’s compromised email account.
After resetting the account credentials, J.J. Keller immediately began its forensic activities to investigate the breach. It revealed that the data breach exposed sensitive records of 123 AmeriGas employees.
“According to J.J. Keller, during the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees’ information, including Lab IDs, social security numbers, driver’s license numbers, and dates of birth.”
AmeriGas is aware of no actual or attempted misuse of the personal data that was affected by the incident.
“To date, we are unaware of any actual or attempted misuse of this personal data as a result of this incident,” disclosed AmeriGas in a sample data breach notification letter dated June 4th, 2021.
This latest incident comes after AmeriGas suffered a data breach in March 2021, when AmeriGas customers’ credit card information was misused by a customer service representative.
“We recently detected that there were unauthorized disclosures of credit card information to one of our customer service agents. We do not know whether your credit card information was shared but are writing in an abundance of caution. We investigated the issue as a precaution to further secure your information. The agent involved has been terminated and we have already implemented additional safeguards,” the company had disclosed at the time.