
BHI Energy reports a data breach by Akira gang



BHI Energy, an energy services provider and a subsidiary of Westinghouse, confirmed that it fell victim to an Akira ransomware attack in June. The incident was initially discovered by BHI's internal IT team, prompting them to launch an investigation in late June.

Upon investigation, the cybersecurity firm determined that the threat actor had gained initial access in late May through a compromised account belonging to a third-party contractor. This initial access allowed Akira to penetrate BHI's internal network through a VPN connection.

The threat actor conducted reconnaissance of BHI's internal network on two separate occasions within a week of gaining access. Subsequently, in late June, the threat actor began exfiltrating approximately 690 gigabytes of data over a span of nine days. This data included sensitive information like BHI's Active Directory database. Once the exfiltration was complete, the threat actor deployed the Akira ransomware.

Upon reviewing the compromised systems, BHI identified that the exposed data contained personal information belonging to 896 Iowa residents. This information includes:

  • full names,
  • dates of birth,
  • Social Security numbers,
  • health-related data.

BHI notified the affected individuals and is offering them a 24-month membership to Experian's IdentityWorks service as a mitigation measure.

The threat actor was successfully removed from BHI's network in July, and the company took significant measures to enhance its security posture. Fortunately, BHI's cloud backup solution remained unaffected, allowing them to recover their data without the need for a ransomware decryption tool.
