- Conti has compromised a Texas-based debt-collecting agency and stole troves of sensitive data.
- The set includes employee home addresses, clients, NDAs, financial and legal documents, and more.
- The consequences of this incident for the exposed individuals could be dire.
Sometimes, ransomware attacks are considered critical because they induce a service disruption in firms or organizations that fulfill a critical role in society and/or the economy. Other times, they are very damaging from a financial perspective, risking the very existence of the victimized business. In the most recent case that comes from the Conti ransomware group, we have a notable example of how a ransomware attack can be dangerous to the individuals who have had their personal details stolen due to the attack.
Conti has added ‘Southwest Recovery Services’ (SRS) into its victims page, claiming to have stolen 122GB of data from the company. The data that is presented include the following:
- Employee home addresses, phone numbers, dates of birth, and SSNs
- Financial documents from accounting, payroll, tax returns, payments, etc.
- Client databases containing addresses, phone numbers, and e-mails
- Contracts with partners including non-disclosure agreements
- Databases containing confidential legal information
The problem here is unfolding on multiple levels, but the most critical is the one that concerns the employees of SCS. You see, this is a debt collecting service that calls people who owe money to various entities, and these calls can often get derailed from what is considered proper, civilized, and respectful. The recipients of these calls often find themselves straight-out threatened with legal action, so it’s not far-fetched to say that if they knew the caller's home address, they would pay them a visit.
Then there’s the exposure of the client databases and the contact lists they gave SCS to call on their behalf. Not only are these people already under great pressure because of their financial troubles, they now had their details stolen by hackers who threaten to publish the fact that they owe money. This could be extremely stressful for individuals, and stress could potentially lead to self-harm.
For now, there has been no official confirmation of the incident from the firm’s side. As always, we have reached out to them for a comment, but we have not heard back yet. As soon as we do, we will update this post with their statement.