Remember meForgot password?
    Log in with Twitter

article imageData breach at cloud solution provider PCM

By Tim Sandle     Jun 28, 2019 in Business
Cloud provider PCM has been hacked with customer information stolen in relation to a gift card scam. The hack happened in May 2019, although it has just been revealed after being flagged by KrebsOnSecurity.
It has become apparent that, during a May 2019 intrusion, hackers managed to extract administrative credentials that the cloud vendor PCM uses for managing customer accounts in Microsoft Office365. The hackers were able to access email and file sharing systems for some of the company’s more than 2,000 clients.
The stolen information appears to have been taken for the purposes of perpetrating a gift card fraud. The evidence for the hack has been reported by KrebsOnSecurity, the website of cybersecurity expert Brian Krebs.
The hack appears to resemble a similar scheme that impacted the Indian outsourcer Wipro. According to to SC Magazine, the malicious activity bears close hallmarks of a state-sponsored actor with financial motives. The hackers seem to be targeting gift card retailers, distributors, and card processors.
In a statement a PCM spokesperson says: “The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers.”
However, some experts are asking just how minimum impact to customers is the case, given that PCM used Office 365 to manage client accounts, especially as the data breach exposed administrative credentials that manage client accounts within Office 365.
In terms of the implications, Robert Prigge, President, Jumio tells Digital Journal via email: "If these hackers can access the Office 365 accounts of PCM’s customers, they can unlock a lot of personal data and sensitive business documents. Think about it — if a hacker has access to your Office 365 account, they can reset your password and lock you out. What’s worse, they may use that same email address as their username for other online accounts. So, if you have 100 employees, and those employees each have just 10 accounts connected to their Office 365 email addresses, that's 1,000 accounts associated with your company that the hackers can potentially now monitor and control."
As to the reasons, Jonathan Bensen, CISO, Balbix tells Digital Journal: "By failing to secure its Office 365 with tighter controls and therefore putting its clients’ bottom lines at risk due to gift card fraud, PCM and its customers stand to suffer significant damage. PCM could lose some customers who have lost faith in the company to its competitors such as Zones, CDW or PC Connection. Not to mention the brand reputation and potential for lawsuits."
Bensen adds: "To avoid suffering the same fate as PCM, enterprises must implement security solutions that scan and monitor all assets and detect vulnerabilities that could be exploited."
More about pcm, Data breach, Cyberattack
More news from
Latest News
Top News