Mayberry clients urged to increase vigilance after cyberattack
With no indication of the extent of a data breach and cyberattack at investment firm Mayberry, the company yesterday urged clients to take immediate steps to protect themselves “against any possible adverse consequences”.
In its second notice to its clients since Friday night, Mayberry yesterday asked them to actively monitor all accounts and contact their financial institution if they notice any suspicious and/or unusual activity. They were also asked to change passwords to all accounts that they operate.
The second notice from Mayberry came after word began to spread on Monday about the cyberattack at the investment house, which confirmed the incident on Tuesday.
In cyberattacks like the one that impacted Mayberry, fraudsters use various methods to deny victims access to their accounts or otherwise disrupt operations.
In a statement sent to clients over the weekend, the investment firm said it had not experienced any disruption as a result of the incident and assured them that their financial portfolios had not been compromised.
The firm did not say when the attack occurred or how long it lasted.
At the same time, Mayberry confirmed that it had also suffered a data breach.
The extent of the data breach is not yet known but, in its notice yesterday, Mayberry told clients it could “confirm that a security breach occurred which compromised client data”.
Mayberry said it has engaged the services of independent cybersecurity experts to carry out a detailed investigation and to execute the necessary remediation to ensure that no existing threats remained,” the statement said.
Mayberry says the data breach resulted in unauthorised access and the stealing of data to include personal data. The company also confirmed that some clients data has been put on the dark web, an area of the Internet where fraudsters lurk as they trade in stolen data to the highest bidder.
The Gleaner can confirm a sequence of events that are sending chills down the spines of many.
Privacy expert Everone Graham, in a June 5 tweet, declared that ‘this doesn’t look good at all. The Play Ransomware group dumps Mayberry Investments data on the dark web”.
A screen grab of the data dump, with 3,314 views, shows that an undetermined amount of data was added on Labour Day and a publication date of June 1. The fraudsters had warned that they would leak the data by June 1. The same ransomware group was fingered in a takedown of cloud computing firm Rackspace Managed Exchange email services in December 2022.
Direct checks with Mayberry indicated that, up to late Tuesday, the leadership was locked in meetings. The company did not answer questions as to whether any ransom was paid but Mayberry listed five actions it has taken to protect itself and its clients. The company said it has upgraded its cybersecurity to protect against any further intrusion. It is also mandating a password reset for clients. Mayberry is now communicating directly with clients, either through telephone calls or via email. An unnamed global cyber security firm has also been engaged to minimise the effects of unauthorised use of clients’ data. The matter has been reported to the Cybercrimes Unit of the JCF.