Data Breach

AlphV Mauls Cadre Services

Parker Bytes October 20, 2023

Well, folks, we have eyelid-twitchingly wild tale for you chums today. It’s about a company that, unfortunately, paints a vivid picture that belongs in a cautionary tale about cybersecurity. Right-o, so where shall we begin, you ask? Well, let’s start with Cadre Services (once known as the Premier Staffing, don’t confuse the two old chap), a Wisconsin company that has been serving up office professionals to the employment market since 1994. Well, it seems Cadre had become a key target in a recent ransomware attack by internet baddies.

They’ve managed to scoop up a tidy 100GB of top-drawer information, from the humble job seeker’s contact details to the rather incriminating personal files from the top brass – right down to the CFO’s stash. How’s that for a bit of a sticky wicket, eh?

Now, these tech-savvy marauders had the ballsiness to negotiate – yes, bargain – for the safe return of the pilfered information. And you know what, ol’ Cadre offered a measly $35,000 to protect their data; a sum that didn’t go down well with the shifty tech-nappers. Can you even believe that?

The negotiations themselves make for a right riveting tale. Cadre’s IT manager, let’s call him Jason, kept insisting that the company puckered up at the thought of coughing up $300,000. In response, the attackers claimed they had access to Cadre’s bank accounts and retorted that they could see a nifty $190,000 merely sitting there. Soon after, Cadre comes back, ready to up the ante to a whopping $35,000 – oh, wait, not whopping, that’s just my Brit sarcasm slipping out.

Then, the plot thickens. After a day of silence, the attackers reignite the struggle by emailing the company, including Cadre’s clientele and other relevant parties on the dreaded list. The grubbiest bit of it all – they leaked a sample file containing sensitive employee data. Worse still, they flaunt the fact that Cadre tried downplaying the whole debacle by insinuating that vital personal data, like social security numbers, weren’t likely touched. Of course, by this point, Cadre should’ve known these chaps had their grubby mitts on quite a lot of sensitive data.

In an attempt for an inside scoop, some questions were fired over to Cadre. Queries like “Had they got cyber insurance?” or “Had they contacted the authorities?” and “Had they made concerned parties aware of the stolen data?” But, as easy as a Sunday morning, not a dicky bird was heard back from ol’ Cadre.

Therefore, we now find ourselves watching Cadre wading through a veritable minefield of incident response. Hopefully, they’ve got backups or some policy to cover the hefty costs that are bound to pile up soon.

Mate, let’s be crystal here; cybersecurity isn’t a game. It’s real, it’s present, and its effects can be destructive for both your business’ reputation and your clients. Mind you, Cadre could’ve never intended to pay up, leaving us to wonder whether its negotiating and stalling were all a strategic ploy. Tragically, it’s their clientele and those poor job seekers who are caught in the crossfires whilst these baddies run riot in the virtual world. Chin up, and let’s see what happens next, folks. There’s always a lesson to be learned in these messy affairs, isn’t there?

by Parker Bytes