The U.S.-based pharmaceutical giant ExecuPharm admitted it became a victim of a cyberattack. In a letter to the Vermont attorney general office, ExecuPharm said it was hit by a ransomware attack on March 13, 2020, and attackers may have been accessed users’ sensitive data like social security numbers, taxpayer ID/EIN, driver’s license numbers, passport numbers, bank account numbers, credit card numbers, national insurance numbers, national ID numbers, IBAN/SWIFT numbers, and beneficiary information.
Further investigation into the incident revealed that the attackers may have accessed and shared select personal information of ExecuPharm executives whose information were stored on ExecuPharm’s data network. ExecuPharm has notified federal and local law enforcement authorities in the U.S. and held a third-party cybersecurity firm to investigate the incident.
Meanwhile, TechCrunch reported that the hacker group have published the stolen data on a dark web site associated with the CLOP ransomware group. The site contained vast information like cache data, email addresses, financial and accounting records, user documents and database backups which are stolen from ExecuPharm’s systems.
“ExecuPharm internal teams worked diligently with forensic consultants to rebuild the impacted servers from back up servers and have now fully restored and secured the ExecuPharm systems. This included the installation of forensic tools on all systems and the isolation of impacted systems until ExecuPharm could confirm that they were secure. ExecuPharm also implemented additional countermeasures to block further ransomware emails from entering the ExecuPharm environment. ExecuPharm also upgraded its security measures to prevent future attacks, including forced password resets, multi-factor authentication for remote access, and endpoint protection, detection, and response tools,” ExecuPharm said in a statement.