The RansomEXX ransomware gang is believed to be behind the cyberattack BRP recently suffered. The Hackfest Facebook page reported yesterday that the gang has uploaded nearly 30 GB of data which includes, among other things, passports, contracts, project and partner data.
For its part, BRP indicated in a press release published late Tuesday evening that “information on some of its employees and suppliers on which an unauthorized third party got their hands has leaked on the underground Web”.
The company also said that the investigation is still ongoing and that the evidence gathered to date allows it to consider that the impact of the incident from the point of view of data confidentiality is limited, as it had already stated in its press release of August 15th.
BRP also confirmed that it has contacted the few employees who may have been affected by the incident and added that the appropriate resources have been made available to them, including credit monitoring services. The company further believes that the compromised information about some of its suppliers is limited in quantity and sensitivity, and it is in the process of contacting them.
In addition, although it has no evidence that its customers’ personal information was affected by the attack, it will contact the affected individuals or companies directly if the conclusions of the investigation prove otherwise.