ARRL Ransomware Incident: Ransomware Gang Steals Employee Data in Cyberattack


The American Radio Relay League (ARRL) has confirmed that a ransomware gang stole data in a cyberattack that occurred in May, initially referred to as a “serious incident.” In notifications sent to those affected, ARRL, the National Association for Amateur Radio, revealed that the “sophisticated ransomware incident” was detected on May 14, when attackers breached and encrypted the organization’s computer systems.

After discovering the breach, ARRL swiftly took impacted systems offline to contain the incident and engaged external forensic experts to assess the attack’s impact. By early June, ARRL disclosed that a “malicious international cyber group” was behind the “sophisticated network attack.”

Impact on Personal Data

“Our investigation has determined that the unauthorized third party may have acquired your personal information during this incident,” ARRL informed the affected individuals. The compromised data included names, addresses, and social security numbers. Despite finding no evidence that the stolen personal information was misused, ARRL decided to provide 24 months of free identity monitoring through Kroll as a precautionary measure.

Extent of the Breach

In a filing with the Office of Maine’s Attorney General, ARRL stated that the data breach affected 150 employees. Although ARRL has not attributed the attack to a specific ransomware gang, sources indicated that the Embargo ransomware operation was responsible. This group emerged in May and has since added only eight victims to its dark web leak site, some of whom were removed after paying a ransom. Notably, ARRL has not appeared on this list, which could suggest that a ransom was paid to prevent data from being leaked.

Preventive Measures and Ongoing Investigation

ARRL assured affected individuals that they have “taken all reasonable steps to prevent your data from being further published or distributed” and are cooperating with federal law enforcement to investigate the incident.

Firstmac Limited, a major non-bank lender in Australia, was one of the Embargo group’s victims, with over 500GB of stolen data leaked on Embargo’s website.

The ARRL ransomware incident underscores the growing threat of cyberattacks and the importance of robust cybersecurity measures. By promptly addressing the breach and providing identity monitoring services, ARRL aims to mitigate the potential impact on its employees. As cyber threats continue to evolve, organizations must remain vigilant and proactive in protecting sensitive information.

Author

  • Maya Pillai is a tech writer with 20+ years of experience curating engaging content. She can translate complex ideas into clear, concise information for all audiences.
