fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Puma Hit by Data Breach After Kronos Ransomware Attack

Puma Hit by Data Breach After Kronos Ransomware Attack

Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021.

The data breach notification filed with several attorney generals’ offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data.

Kronos describes KPC as secure storage protected from attacks using firewalls, multi-factor authentication, and encrypted transmissions.

It’s used as a server facility for hosting Workforce Central, Workforce TeleStaff, Enterprise Archive, TeleTime IP, Extensions for Healthcare (EHC), and FMSI environments.

Right after the attack, a Kronos customer impacted in the incident told BleepingComputer that they had to go back to using paper and pencil to cut checks and monitor timekeeping.

Also Read: What is ransomware and how ready is your business from it?

Thousands affected, almost half of all Puma employees

“Since the attack was discovered, Kronos has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition,” written letters sent to impacted individuals on February 3 say.

“On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022.”

While the breach notification doesn’t mention how many Puma employees had their info stolen during the attack, information provided to the Office of the Maine Attorney General reveals that the ransomware operators got their hands on data belonging to 6,632 individuals.

Puma also said that the documents stolen during the Kronos ransomware attack include Social Security Numbers in filings with the same office.

People affected by this data breach were also offered two years of free Experian IdentityWorks membership, which comes with credit monitoring, identify restoration, and identity theft insurance.

Puma is one of the world’s leading sports brands with 14,300 employees worldwide and €5.23 billion in sales during 2020.

Also Read: The necessity of a data protection plan for businesses in Singapore

Hackers also stole source code for an internal Puma application in August and put it up for sale on the Marketo data leak portal. The attack was confirmed by the head of Puma’s corporate communications, Robert-Jan Bartunek.


Update February 08, 04:41 EST: Puma’s Senior Head of Communications Kerstin Neuber said that no Puma customer data was impacted in a follow-up statement sent after we published:

On January 10, 2022, PUMA North America was notified that UKG/ Kronos, one of PUMA’s vendors, was mitigating the impact of a ransomware incident. The breach occurred solely within UKG/ Kronos’ systems. No systems on PUMA’s network were breached and no PUMA customer data was impacted. The incident was limited to Kronos’ Private Cloud.

UKG/ Kronos has engaged cybersecurity experts, notified the authorities, and is communicating with those impacted. Any media inquiries related to the underlying UKG/Kronos breach should be directed to UKG as the matter is currently under investigation.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us