Customer communications company AddComm announced on May 22 that it had fallen victim to a cyber attack using ransomware. The hack allegedly took place between May 5 and May 17, 2024. During the attack, cybercriminals allegedly encrypted systems of the Amersfoort-based company and stole data. AddComm announces this through its own website. AddComm says that after discovering the incident on May 17, they engaged cyber security experts to investigate the incident. Among other things, AddComm sends paper and digital mail for various organizations.
A May 27 update notice (1) reveals that some of AddComm's customers were affected by the attack. In the process, the cybercriminals stole data from the affected customers. Exactly what kind of data is involved is not clear.
Several organizations using AddComm's services have notified their customers of the attack. The AD reports (2) that, to date, the following parties have reported the possible data theft to their customers:
ABN Amro
Essent
Staedion
Eigen Haard
Portal
Our House
RBG
GBTwente
PNO Media
Dunea
WMD
Groningen Water Company
Hollands Noorderkwartier Water Board
Energy supplier Vattenfall informed the AD that their customer data was not stolen during the hack.
Although the extent of the attack is not yet known, some of the Amersfoort-based company's customers, including ABN Amro (3) and energy supplier Essent (4), are asking their own customers to be vigilant about possible communications they receive on behalf of their organizations.
"Adcomm, the company that ships paper mail for Essent, was hit by a ransomware attack on May 17. There is no indication at this time that any data has been published or sold. Beware! If you receive communications from Essent soon, check them carefully," Essent said.
In the May 27 update, AddComm announces that the privacy interests of their customers and their data outweigh the principle of not being extorted:
"Therefore, under the guidance of external cyber security experts, agreements were made with the cyber criminals about the non-publication and removal of captured customer data. We made this decision deliberately to minimize the damage to our customers."
AddComm says it regrets the situation and is preparing to file a police report.
https://www.addcomm.nl/addcomm-geraakt-door-ransomware-update-27-mei-2024/
https://www.ad.nl/groningen/gegevens-selecte-groep-klanten-buitgemaakt-na-aanval-addcomm~a5806778/
https://www.abnamro.com/nl/nieuws/leverancier-abn-amro-geraakt-door-gijzelsoftware
https://www.essent.nl/klantenservice/persoonlijke-gegevens/phishing
