‘Tis the season. For alleged data breaches, that is.
Cybernews is reporting that a Russian ransomware group called Lynx claims to have gotten its hands on a whole mess of data belonging to CSA Tax & Advisory, a small firm in Haverhill, MA that just celebrated its 75th birthday a few months ago. The data allegedly includes clients’ full names, SSNs, and individual tax returns, among other bits of data clients probably don’t want floating around on the dark web.
The notice came up on December 26th on the gang’s leak site on the dark net, claiming it had exfiltrated the company’s and its clients’ data. This is a common tactic among ransomware gangs to coerce victims into paying a ransom, and it seems to be the case for Lynx as well. On its website, the gang claims to have a clear intention to avoid undue harm to organizations.
“Our operational model encourages dialogue and resolution rather than chaos and destruction,” it says.
How utterly professional of them.
Hopefully the firm doesn’t take a page from the Sax playbook and reports promptly if, in fact, a breach has occurred. It is as yet unconfirmed.
