Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label 8-second. Show all posts

AmeriGas: US Largest Propane Supplier Suffered a '8-second' Data Breach

 

America's largest propane supplier, AmeriGas, has revealed a data breach that lasted ‘8-second’ but affected 123 employees and one US resident. It serves more than 2 million customers in all 50 US states and has more than 2,500 distribution locations. 

Threat actors exploited networks of J. J. Keller – a vendor responsible for providing Department of Transportation (DOT) compliance services to AmeriGas. On May 10th, J.J. Keller detected anomalous activity on their systems associated with a company email account. The vendor quickly began investigating its network to discover that a J.J. Keller employee had been the victim of a phishing email, causing his account to be compromised.

After resetting the employee’s account credentials, J.J. Keller quickly began its forensic activities to determine the full scope of this breach. It revealed that the eight-second data breach leaked sensitive records of 123 AmeriGas employees.

"According to J.J. Keller, during the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees' information, including Lab IDs, social security numbers, driver's license numbers, and dates of birth. To date, we are unaware of any actual or attempted misuse of this personal data as a result of this incident," revealed AmeriGas in a sample data breach notification letter dated June 04, 2021.

Apart from 123 AmeriGas employees, the personal details of New Hampshire resident were also exposed, who has since been alerted of the data breach and been provided with free credit monitoring services. Fortunately, there are no indications that any employee information was copied or misused. 

A second data breach involving AmeriGas this year

This latest data breach comes after AmeriGas suffered a data breach in March 2021, when a company customer service agent was fired for potentially misusing customer credit card information. 

According to AmeriGas, some customers who called AmeriGas customer service had verbally revealed their banking details to this representative who may have misused this information to make unauthorized purchases. 

“We recently detected that there were unauthorized disclosures of credit card information to one of our customer service agents. We do not know whether your credit card information was shared but are writing in an abundance of caution. We investigated the issue as a precaution to further secure your information. The agent involved has been terminated and we have already implemented additional safeguards,” the company had revealed at the time.