Hackers stole sensitive employee data from a software-as-a-service company that advises consumers on trade credit and provides supply chain risk monitoring, according to a Securities and Exchange Commission filing.

CreditRiskMonitor.com said on Tuesday that hackers got away with an unspecified amount of data between July 9 and July 17. The pilfered files included personally identifiable information of employees and independent contractors, but does not include customer data, CreditRiskMonitor noted.

The company said unusual activity was first detected on July 19, but the unauthorized access has “not had a material impact” on operations. No cybercrime group has taken credit for the hack thus far, and there is no indication how the hack occurred. CreditRiskMonitor did not immediately respond to request for comment.

CreditRiskMonitor wrote in the filing that there is no determination if the hack “is reasonably likely to materially impact the Company’s overall financial condition or its ongoing results of operations. However, the situation remains fluid and [CreditRiskMonitor] will continue to assess if and when such developments are reasonably likely to impact its financial condition and results of operations.”

In its annual report to shareholders, CreditRiskMonitor reported operating revenue of $4.9 million last year and touted that its customers include “40% of the Fortune 1000 and well over a thousand other large corporations worldwide.” Those companies subscribe to CreditRiskMonitor for “news alerts, research, and reports on public and private companies to make important risk decisions,” the report stated.

CreditRiskMonitor also said that it employs third-party consultants to evaluate risk management and provide employee training training.

“The Company deploys technical safeguards that are designed to protect information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, redundant data storage and retention methods, anti-malware functionality, security information event management, automated update/patch-management and access controls which are evaluated and improved through vulnerability and exposure assessments and cybersecurity threat intelligence,” according to the annual report.

CreditRiskMonitor, which has just under 100 employees, said in the SEC filing that it is offering those impacted by the hack 24 months of no-cost credit monitoring.

The post Credit monitoring and supply chain risk company hacked appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server

September 19, 2024 0 Comments 0 tags

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of

Read More

Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture

July 31, 2024 0 Comments 0 tags

Meta has agreed a $1.4bn settlement with the State of Texas for failing to inform Facebook users about its biometric data capturing practices

Read More

SEC Investigation into Progress MOVEit Hack Ends Without Charges

August 8, 2024 0 Comments 0 tags

After months of investigation, the SEC decided not to recommend any enforcement action against software provider Progress regarding the supply chain attack

Read More