COUNT+CARE GmbH & Co. KG, the IT subsidiary of ENTEGA, was attacked back in June: system data was encrypted with ransomware and a lot of customer data was stolen. According to Entega, a ransom in the high tens of millions was demanded, which was not paid. Now, in July 2022, much of the customer data can be found on the dark web, as threatened. According to experts, the APT group "Black Cat" is at work here.
The cyber criminals who attacked the ENTEGA IT subsidiary COUNT+CARE GmbH & Co. KG on the second weekend in June have placed personal data from ENTEGA customers, employees and business partners on the so-called dark web. According to the current state of knowledge, the criminal publication of the data affects a large number of customers of ENTEGA and its subsidiaries; their names, addresses and consumption data are affected.
Lots of Entega customer data on the dark web
"We deeply regret this incident. Together with the investigating authorities, we have done everything we can since the beginning of the criminal attack to clear up the incident and quickly make the affected systems functional again," says ENTEGA company spokesman Michael Ortmanns. Which data was stolen is currently still being evaluated under high pressure.
"We will immediately provide all information about the criminal attack and its consequences on our website," said the spokesman. COUNT+CARE, a subsidiary of ENTEGA AG, fell victim to a cyber attack in June. Among other things, the company's websites and customer portals were blocked. The affected IT systems were immediately isolated and secured, and an investigation by external IT specialists was initiated. ENTEGA immediately informed the responsible data protection and security authorities.
Critical infrastructure (KRITIS) not affected
At no time was there any danger to the so-called critical infrastructure – i.e. the gas, electricity, water and district heating networks operated by ENTEGA and its subsidiaries. "There was no risk of power, water, gas or heat failures," said ENTEGA spokesman Michael Ortmanns.
The damage caused by the cybercriminals has now been largely repaired. The websites and customer portals of ENTEGA can be accessed normally again. Extensive measures have been taken to protect those affected as comprehensively as possible. These include, among other things, resetting the password for online access to meineentega.de. ENTEGA asks customers to be vigilant regarding suspicious letters, emails, phone calls (mobile/landline), text messages or other unusual activity, particularly on online accounts, including meineentega.de.
Bank details and passwords published
The bank details of some customers were also published. Those affected will be informed individually by ENTEGA. ENTEGA asks these customers in particular to check their bank accounts regularly and, if necessary, to change the passwords used for online banking. However, the company points out that due to the Europe-wide binding two-factor authentication for online banking, the risk of unauthorized transfers is low. For the other parties involved, there is also a risk that the data will be used for criminal purposes. In individual cases, those affected could receive more spam emails or unsolicited advertising calls in the future. Entega provides further information for customers and a hotline on its website.