ExecuPharm data breach leaks 98,995 ExecuPharm and Parexel emails, and 163GB of financial and accounting information, user documents and data backups.
On March 13, 2020, ExecuPharm experienced a cybersecurity incident. Hackers encrypted ExecuPharm’s servers and demanded a ransom for decryption. The breach appears to have been carried out via phishing emails sent to employees.
Data breach compromised business and employee information
The incident compromised business and employee information, as well as some of Parexel’s information stored on ExecuPharm’s network. The compromised data includes:
- social security numbers,
- taxpayer ID/EIN,
- driver’s license numbers,
- passport numbers,
- bank account numbers,
- credit card numbers,
- national insurance numbers,
- national ID numbers,
- IBAN/SWIFT numbers,
- beneficiary information (including social security numbers).
According to TechCrunch, the CLOP ransomware group was behind this cyber attack on ExecuPharm. ExecuPharm’s executives confirmed that. BleepingComputer contacted the CLOP operators about the negotiations. “Negotiations were conducted a month, the amount in bitcoins was announced and approved. Then they began to refer that the coinbase had a hold on their account, and they needed to wait 7-14 days,” CLOP commented.
“As a result, it turned out that they were not going to pay at all, although we made a 20% discount and showed patience on time”
CLOP ransomware operators
Once negotiations failed, the CLOP ransomware operators published the stolen data on their website on the dark web.
The data leak contains:
- 18,895 ExecuPharm and Parexel employees’ emails,
- 16.4GB of additional correspondence including more than 80,000 emails,
- 163GB of financial and accounting records, user documents and SQL backups of ExecuPharm’s document management system.
ExecuPharm’s response to the breach
According to the data breach notice for the Vermont attorney general’s office, ExecuPharm has notified federal and local law enforcement authorities in the United States and retained leading third-party cybersecurity firms to investigate the incident. ExecuPharm restored the data from backup servers and, by April 17, 2020, had fully restored and secured its IT systems and upgraded its security measures (forced password resets, multi-factor authentication for remote access, and endpoint protection, detection, and response tools). The company also installed forensic tools on all systems and isolated the impacted systems.
“ExecuPharm immediately launched an investigation, alerted federal and local law enforcement authorities, retained leading cybersecurity firms to investigate the nature and scope of the incident, and notified all potentially impacted parties”
David Granese, ExecuPharm VP Business Operations
ExecuPharm provides identity monitoring services free of charge for one year for all employees, including Credit Monitoring, a Current Credit Report, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration.