Alvaria Inc. Confirms Hive Ransomware Attack
Alvaria Inc. (formerly Aspect Software, Inc.), a provider of call center and customer experience software technology to large enterprises, has recently confirmed that it fell victim to a ransomware attack on a limited portion of its network.
There is a trend for breach notification letters to only contain the bare minimum information to meet regulatory requirements; however, Alvaria breach notifications include comprehensive details about the attack including the name of the ransomware group responsible. The company has also confirmed that sensitive information was stolen, some of which was released on the Hive group’s dark web data leak site, which helps victims of the breach accurately assess the level of risk they face.
Alvaria explained that the ransomware attack occurred on November 28, 2022, and steps were immediately taken to contain the attack and prevent further unauthorized access to its network. An investigation was launched and a third-party digital forensics company was engaged to investigate the scope of the attack and determine if protected health information had been exposed or compromised. On December 21, 2022, while the incident was still being investigated, Alvaria learned that the Hive group had published sensitive corporate files on its dark web data leak site. Alvaria confirmed that the files released by the group did not contain any personal data but it was not possible to determine if employment-related files were accessed or acquired in the attack.
Alvaria explained in the notification letters that the Department of Justice confirmed on January 26, 2023, that a coordinated law enforcement operation had successfully dismantled the Hive Ransomware operation, resulting in the group’s infrastructure being seized. Alvaria said, “Law enforcement has not indicated whether these employment-related files had been acquired,” and no evidence has been found to indicate any actual or attempted misuse of the information contained in the employment-related files.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Those files contained names, government-issued identification numbers such as Social Security numbers and passport numbers, financial account information, health insurance information, and/or tax-related information. Individuals potentially affected have been notified, and Alvaria has confirmed that employees are already provided with credit monitoring, dark web monitoring, and fraud remediation services through Allstate Identity Protection as part of their employment.
Update:
On May 26, 2023, and hacking incident was reported to the HHS’ Office for civil rights by Alvaria. 13 individual reports are listed, involving a total of 12,404 records, one for each of the clients that had information compromised in the attack. Some clients may choose to report the breach themselves, so the total number of affected individuals may be considerably higher.
