Ο largest propane distributor in the US - AmeriGas - revealed data breach that lasted only a few seconds, but affected 123 employees of the company and one resident. AmeriGas serves more than 2 million customers all over the US while it has over 2.500 distribution locations. This month's data breach was reported by the propane giant to the New Hampshire Attorney General's Office.
The data breach is said to have come from JJ Keller, a supplier responsible for providing Department of Transportation (DOT) compliance services to AmeriGas.
These services include assisting AmeriGas in conducting driving record checks, drug and alcohol tests for drivers and other regulatory checks imposed by DOT.
On 10 May, JJ Keller has detected suspicious activity on its corporate email account related systems. So the company immediately started investigating its network and found that an employee of JJ Keller had fallen victim Phishing email, which led to the breach of his account.
During their brief access, the malicious agents were able to see some files that existed in the account of the employee that was violated. Following the reset of the employee's account credentials, JJ Keller immediately launched an investigation to determine the full extent of the breach.
On 21 May, JJ Keller notified AmeriGas that this eight-second breach revealed files of 123 AmeriGas employees. According to JJ Keller, during the eight-second breach, malicious agents gained access to a internal email with spreadsheets containing information about 123 AmeriGas employees, including Lab IDs, Social Security Numbers, Driving License Numbers, and Birth Dates.
AmeriGas, in a letter of notification of data breach dated June 4, 2021, stated the following: "To date, we do not know of any attempt to misuse this personal data as a result of this incident."
In violation, information about a New Hampshire resident was also reported, who was informed of the incident and is provided with free credit monitoring services.
At present, there is no evidence that any employee information was copied or used.
It is worth mentioning that this is the second case of data breach which occurred in AmeriGas this year.
In March 2021, AmeriGas has revealed a data breach attempt in which a company's customer service representative was fired for possible misuse of customer credit card information.
According to the company, some customers who called the company's customer service had verbally disclosed their credit card details to this representative, who may have misused this information to make unauthorized purchases.
At the time, the company had stated the following: "We recently discovered that there was unauthorized disclosure of credit card information to one of our customer service representatives. We do not know if your credit card details have been disclosed, but we write with great care. We have investigated the matter to further secure your information. The person involved has been fired, and we have already implemented additional protection measures. "
The cyber attacks and incidents against critical U.S. energy companies continue to grow, causing the need for strengthening security controls and education for sensitization between organizations.
Source of information: bleepingcomputer.com