Sydney-based CRM provider Legrand CRM has confirmed that Hunters International exfiltrated data from its systems.
Speaking with Cyber Daily, company CEO Alain Legrand said a data breach occurred but that the incident was not a ransomware attack.
“We have been in contact with the Australian Cyber Security Centre (ACSC) and the Victorian government Cyber Incident Response Service (CIRS), both of whom had received a third-party report regarding a potential ransomware incident affecting Legrand CRM,” he said in an email to Cyber Daily.
“What took place is not a ransomware attack but a (small) data theft.”
However, as Mr Legrand pointed out, Hunters International’s listing is flawed and contains incorrect information about the company.
“We are not, as they claim, a business that has 27 employees and $7 million turnover. We’re a small IT business of four people and two external contract developers with annual turnover of less than $750k,” he said.
“They may have mistaken us for the electrical distributor Legrand Australia, which is a much larger business than us, or they are simply lying to make this look bigger than what it is.”
Upon further inspection of the data, it appears that the stolen files do not all belong to Legrand CRM. Some files listed pertain to homewares products that seem to be sold by other businesses.
In addition, Mr Legrand pointed out that the amount of data Hunters International claims to have also appears to be wrong.
The CEO said that despite “clear spikes in outbound and inbound traffic in mid-May, which is when [Hunters International] gained access to the network”, there was “relatively little data transferred out.
“If I add up the outbound data spikes in May, there’s maybe 7GB of data that was transferred out. It’s relatively small considering total server file storage of nearly 2TB,” he said.
“So, either they were very selective or they purposely did smallish transfers over a few days to minimise the risk of being detected.”
While the incident may not only affect Legrand CRM, the company is taking it seriously, having severed connections to its network upon discovery.
“When we became aware of the intrusion, we immediately disconnected the computers in our network from the internet and shut down the server and the two office desktop computers that were compromised,” Mr Legrand said.
“The CISCO router and firewall were briefly shut down for a few days but then restarted so our external IT could access them.
“The server and two desktop PCs were taken offline, and our IT service provider has been analysing/investigating the server to figure out how they got in.
“For years now, we’ve been using a product called RDPGuard to try and reduce unauthorised login attempts, but still they gained access to one of the two desktop PCs, and from there to the server.
“It is very upsetting and also surprising because we thought we had all the right prevention measures in place.”
Legrand CRM customers are yet to be notified of the incident as the company is still determining the extent of the data theft. They will be notified this week, according to Mr Legrand.