Energy giant EDP Renewables North America (EDPR NA) has confirmed a ransomware attack that affected information systems at parent company Energias de Portugal (EDP) on April 13.
EDP Group, which provides energy to more than 11 million customers, began investigating the attack on April 13 and notified law enforcement. Attackers demanded a ransom of 1,580 Bitcoins, or more than $10 million USD, BleepingComputer reports. It seems Ragnar Locker ransomware was used to target the firm; its operators claim to have at least 10TB of files.
On May 8, EDPR NA learned attackers had gained unauthorized access to at least some of the data stored on its information systems, said CEO Miguel Angel Prado in a letter to customers.
The North American branch is now warning customers because its systems hold data including names and Social Security numbers. It stores these to make payments under terms of customer leases, the company says, and doesn’t hold driver’s license numbers or credit/debit card data.
The company is offering customers one year of free data protection via Experian as a proactive measure. It has also taken steps to improve the security of users’ personal data, such as new IT processes and login requirements including multifactor authentication, Prado says.
Read more details here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.