Massachusetts Accounting Firm Pays Ransom to Protect Data of Nearly 40,000 Residents After Cyber Breach

Massachusetts Accounting Firm Pays Ransom to Protect Data of Nearly 40,000 Residents After Cyber Breach
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="2"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->

In January 2024, an accounting firm in north-central Massachusetts learned that data had been exfiltrated from its server network, and the perpetrator was demanding ransom for its deletion. 

According to a letter sent to the Attorney General of New Hampshire, the firm worked with the FBI to determine that the perpetrator was a legitimate threat actor, and negotiated paying their ransom.  

They then, “obtained credible evidence of the destruction of all data exfiltrated from its network, in order to protect affected individuals.” The firm and the FBI continued to monitor the dark web to see if the data would pop up again but have found no evidence.  

The Massachusetts Office of Consumer Affairs and Business Regulation reports that 39,961 residents of Massachusetts were affected by the breach. 

Given the timing of the breach, which occurred shortly before the opening of the electronic tax filing season, the firm contacted the cybersecurity division of the Internal Revenue Service (IRS) to implement safeguards against the potential filing of fraudulent tax returns. 

A comprehensive effort was undertaken to identify the scope of information and individuals affected by the breach. This involved reviewing a spreadsheet provided by the perpetrators with “961,688 lines. Each line identified the name of a compromised file, which predominantly were flat files, such as .pdfs,” according to the firm’s letter to the New Hampshire AG. 

The company has filed a report with the FBI and continues to monitor the situation closely 

This breach highlights the importance of robust cybersecurity measures and the need for organizations to be prepared for potential data breaches. This firm's proactive response and collaboration with law enforcement and cybersecurity experts demonstrate a commitment to protecting affected individuals and mitigating the impact of such incidents.