Major U.S. consumer product leasing firm Progressive Leasing has disclosed that some of its systems have been impacted by a cyberattack that resulted in the significant compromise of personally identifiable information belonging to its customers and other individuals, according to The Record, a news site by cybersecurity firm Recorded Future.
Investigation into the scope of the attack is still underway but there has been no major effect found on the company's operations, said Progressive Leasing.
"The Company has incurred, and may continue to incur, significant expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by the Companys cybersecurity insurance, has not been determined," said the company, which added that impacted individuals will be notified regarding the incident.
Such an attack was noted by cybersecurity expert Dominic Alvieri to have been claimed by the ALPHV/BlackCat ransomware operation, which allegedly leaked more than 40 million Progressive Leasing customers' personal data on its leak site.
SecurityWeek reports that threat actors could leverage critical vulnerabilities impacting open-source file-sharing software ownCloud to facilitate sensitive data exposure and authentication and validation compromise.