Hackers breached the infrastructure of PCM Inc., one of the major U.S.-based cloud solution provider, and accessed to email and file sharing systems for some of its clients.
Hackers breached the infrastructure of PCM Inc., one of the major U.S.-based cloud solution provider. According to the popular investigator Brian Krebs, the attackers gained access to email and file sharing systems for some of the company clients.
In 2018 PCM generated roughly $2.2 billion in revenue with more than 2,000 customers.
“Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp.” reported Krebs.
The attack appears to be financially motivated, attackers appeared primarily interested in stealing data that could be used in gift card fraud scheme.
Krebs speculates that intruders could be the same that hacked the Indian IT outsourcing giant Wipro Ltd. this year. According to RiskIQ, the group that hacked Wipro has been active since at least 2016, it was focused on targeting gift card providers.
It’s unclear whether PCM was attacked separately or is the attacks are linked. The company attempted to downplay the incident declaring that only a small portion of PCM customers was impacted.
“From its investigation, impact to its systems was limited and the matter has been remediated,” PCM told Krebs. “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers. To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had.”
Recently, PCM announced it is going to acquired by global IT provider Insight Enterprises, let’s see if this incident could influence the final economic evaluation of the acquisition.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.