UK enterprise software consultancy The Adaptavist Group is investigating a security breach after an intruder logged in with stolen credentials, while a ransomware crew claims it grabbed far more than the company is currently admitting.
In a letter to customers, Adaptavist’s CEO Simon Haighton-Williams said the biz detected an “IT security incident” in late March after an attacker used compromised login details to gain unauthorized access to some of its systems. The company, which builds and sells tools and services around platforms like Atlassian’s Jira and Confluence, has brought in external security specialists and says a forensic investigation is underway to work out what, if anything, was accessed or taken.
The official line, for now at least, is that the systems accessed contained “typical business data,” such as contact information, contracts, and NDAs related to client work.
“Please be assured that the data we hold relating to individual customer contacts is that which you would expect to find on a business card: name, business email address, job role, contact number, organization, etc,” the post stresses.
Meanwhile, a ransomware group calling itself “The Gentlemen” has claimed responsibility in a post on its dark web leak site, boasting of a “complete infrastructure compromise” and a sprawling cache of stolen data. According to Trend Micro, the group is a relative newcomer to the ransomware game with a fairly standard routine: get in using valid access, move quietly, lift data, and then use that data as leverage.
The dark web post, seen by The Register, claims a haul that includes hundreds of thousands of alleged customer records, source code for products like ScriptRunner, internal documents, credentials, and production systems – along with some eyebrow-raising references to external customer environments.
As ever, those claims come with a health warning. Ransomware crews have a habit of overstating their access to increase pressure on their victims, and Adaptavist Group is keen to stress that there is “no evidence” that data relating to customers was accessed.
“Despite claims to the contrary which have been made by an unknown third-party, there is no evidence at this time that any other personal data relating to customers or partners was accessed, exfiltrated or otherwise compromised in this incident which may cause any risk to the individuals involved,” Haighton-Williams wrote.
“Whilst I realize that incidents are never welcome and it’s never pleasant to receive news of them, I would like to reassure you that there is no sign of, nor reason to believe that there was any access to client systems, data that we process on behalf of clients, or our production systems.”
Adaptavist Group has warned, however, that an unknown third party has been sending “misleading correspondence” to customers and partners while impersonating the company in relation to the incident, suggesting someone is already trying to turn the situation into a phishing opportunity. ®