Save the Children hit by ransomware on September 2023 which exposed 7TB data.
A top nonprofit's IT systems were allegedly compromised by the cybercrime group BianLian, who claim to have taken a tonne of files, including what they claim to be financial, health, and medical information.
On its website, BianLian boasted that it had attacked a group that appears to be Save The Children International based on the gang's description of its unnamed victim.
The extortionists assert that they have taken 6.8TB of data, including 800GB of bank records, foreign HR files, and personal information.
If a ransom demand is not satisfied, it is presumed that BianLian will disclose or sell this information. Inquiries made by The Register were not immediately answered by the NGO.
Source: https://www.theregister.com/2023/09/11/bianlian_save_the_children/
TPRM report: https://scoringcyber.rankiteo.com/company/save-the-children-international
"id": "sav115717923",
"linkid": "save-the-children-international",
"type": "Ransomware",
"date": "09/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Nonprofit',
'name': 'Save The Children International',
'type': 'Nonprofit'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['financial',
'health',
'medical information',
'bank records',
'foreign HR files',
'personal information']},
'date_detected': 'September 2023',
'description': 'Save the Children hit by ransomware on September 2023 which '
'exposed 7TB data.',
'impact': {'data_compromised': ['financial',
'health',
'medical information',
'bank records',
'foreign HR files',
'personal information']},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'The Register'}],
'threat_actor': 'BianLian',
'title': 'Save the Children Ransomware Attack',
'type': 'Ransomware'}