Multinational Swedish security company
Gunnebo AB
has been hacked with the data stolen finding its way onto the
dark web
, the shady part of the internet reachable with special software.
Founded in 1889, though with roots in an earlier company founded in 1764, Gunnebo is a leading provider particularly in Europe of banking security solutions, including cash management, entrance control and safe storage. Although the name of the company may not be well-known, Gunnebo owns Chubbsafes, a familiar brand of safes that had its origins in the U.K. in the 19th century.
The hack of the company possibly dates back to March 2020, Krebs on Security
said
today, but the data stolen has now only appeared on the dark web. Gunnebo said in August that it has thwarted a ransomware attack, but it’s not clear if that attack was related to the theft and subsequent publication of data stolen from the company.
Data stolen and then published is said to include tens of thousands of sensitive documents, including schematics of client bank vaults and surveillance systems. The published data is highly sensitive and valuable to international criminals, particularly bank robbers. Other information stolen and published included security arrangements for the Swedish parliament and confidential plans for the Swedish Tax Agency’s new office
according to
The Local Sweden.
Officially, Gunnebo is describing the theft of data as an “IT incident” that is “extremely regrettable.” While a bank security company being hacked is embarrassing, the tone taken by the firm is arguably unique in that it attacks the media for their reporting of the incident.
How the hack took place is a case of bad security 101. “This breach was the result of an easily-guessed password (password01) and lack in co
mpany network security, which ultimately allowed the hackers to enter the system and steal documents,” Ben Goodman, senior vice president for global business and corporate development at digital identity companyForgeRock Inc.
, told SiliconANGLE. “This type of breach happens all too often. Employing a weak password as the only authentication method gives attackers the easy access they need to hack into a system from any location, at any time.”
Goodman said organizations must be proactive instead of reactive when it comes to security, especially when sensitive information is on the line. “While passwords have been the traditional method of authenticating users for years, they aren’t as secure as we think,” he said. “Organizations should look to more secure login methods, such as biometrics, to mitigate unauthorized access and avoid the hassle of remembering a password.”
Photo: Gunnebo/Twitter
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
We are holding our second cloud startup showcase on June 16.
Click here to join the free and open Startup Showcase event
.
“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy
We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.
