Hitachi Energy Confirms Security Breach as Clop Ransomware Targets Company in Cyber Attack

• Written by Ari Denial Cybersecurity & Tech Writer

Hitachi Energy has confirmed that it experienced a data breach that resulted in the theft of its data by the Clop ransomware group, which exploited a GoAhead zero-day vulnerability.

Hitachi Energy is a subsidiary of the Japanese engineering and technology conglomerate, Hitachi, which specializes in energy solutions and power systems. The company generates an annual revenue of $10 billion.

At this time, it is unclear whether Hitachi Energy was targeted for a ransom or if any of its services were disrupted as a result of the cyber attack. Despite the alleged incident, the company’s website remains accessible.

Hitachi has issued an official statement acknowledging the security incident, stating that a third-party software provider named FORTRA GoAnywhere MFT (Managed File Transfer) was targeted in an attack by the Clop ransomware group. The statement further notes that the attack may have resulted in unauthorized access to employee data in certain countries.

According to Hitachi’s statement, the company responded promptly to the incident by disconnecting the affected system, FORTRA GoAnywhere MFT, and launching an internal investigation to assess the extent of the breach’s impact.

Hitachi has stated that it notified all impacted employees, relevant data protection authorities, and law enforcement agencies of the security incident directly.

In its statement, Hitachi has provided reassurance that, as of the time of the statement, the company has no information to suggest that either its network operations or the security and reliability of customer data has been compromised in the breach.

Fortra disclosed the existence of the zero-day vulnerability in its GoAnywhere secure file-sharing product at the beginning of February. At that time, security publication BleepingComputer speculated that the impact of the vulnerability could be comparable to the recent Accellion FTA hacks that occurred in 2021.

On March 14, 2023, cybersecurity firm Rubrik confirmed that it had been impacted by the exploitation of CVE-2023-0669, after being added to the data leak site. However, the company clarified that the breach was limited to a non-production IT testing environment and did not affect any customer data.

A Cyber Attack Resulted in the Theft of Latitude’s Customer Data

• Written by Ari Denial Cybersecurity & Tech Writer

Latitude has fallen victim to a “sophisticated and malicious” cyberattack, which has led to the theft of approximately 1,03,000 identification documents and 2,25,000 customer records.

Following a cyberattack, Latitude Financial Services (aka Latitude) has revealed a data breach, which has forced the company to close down both internal and customer-facing systems.

As the largest non-bank consumer credit lender in Australia, Latitude is a significant provider of personal loans in the country.

Latitude, a subsidiary of Deutsche Bank and KKR, offers a wide range of consumer finance services such as unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance.

According to Citi analyst Brendan Sproules, the cyberattack could result in short-term expenses ranging from $10 million to $15 million as Latitude takes steps to safeguard customer identities and enlist the services of expert advisors. However, any costs incurred may be offset by cyber insurance policies in place.

The data breach has occurred just a month before the scheduled departure of CEO Ahmed Fahour. He will be succeeded by Bob Belan, the current head of the money unit. This presents an additional challenge for the already struggling lender.

Latitude has reported that over 97% of the 1,03,000 stolen ID documents were duplicates of driver’s licenses taken from the first service provider, while the second service provider had approximately 2,25,000 customer records stolen.

As part of its response to the incident, Latitude has closed down various internal and customer-facing systems, and is continuing to work on containing the attack and preventing any additional breaches or theft of customer data.

In an ASX announcement, Latitude expressed its apologies to the affected customers and stated that it is taking prompt action to reach out to them.

“Latitude’s priorities are to ensure the continued security of our customers, employees, and partners while also maintaining service delivery,” the company stated, promising to provide further updates to the ASX.