7 News Belize

BEL's Data Systems Attacked, Information Leaked To Dark Web
posted (July 18, 2023)
A few months ago, BEL's data systems were attacked by ransomware that originated in Russia, from a group called "Ragnar Locker", known to infiltrate companies' systems, steal data, and then use it to extort them.

While BEL immediately sprang into action to clean their systems of the ransomware and enhance security measures, the data had already been stolen. Then, earlier this month, some of that data was leaked onto the dark web.

But before we get into the kind of data that was taken, and whether you should be worried, today in a press conference, the company's CEO traced the history going back to March:

John Mencias, CEO, BEL
"March 31st, 2023, in the dark of the night, or very early morning, I think it was about 2:09am, we first detected suspicious activity on our systems. It was unusual activity and it was actually traced back from an IP address in Russia. Our telecommunications services department moved immediately to block the IP address as a protective measure and took further actions to restrict external traffic to and from the service being affected. And thereafter we continued with heightened vigilance. Then again between May 9th and May 15th, which was about one and a half months later, we detected again a rise in suspicious activity, and we actually then detected the presence of foreign actors in our network and took immediate action to remove these actors and to isolate the parts of the system that we felt were compromised. We then took an important step to contract, actually on May 17th, a global security specialist firm that goes by the name CYESYC, so CYE for short, so it actually investigates and helps us, well, to investigate what we definitely saw as a breach and to report on the extent of the breach, including its origins and what data and information, if any, was exfiltrated, meaning taken out of our system, uploaded somewhere else."

"With the assistance and guidance of CYE, BEL undertook a series of remedial actions, including procuring new tools and services, to remove any residual form of the threat that could be detected on the system. However, and there were deep scans of all the systems happening over weeks, but our investigations did not ascertain any point of original compromise. We did though find ransomware, further pushing ransomware, and other real-time monitoring software on the system, and that is when we were able to trace that back to a ransom group called Ragnar Locker out of Russia. And these were promptly removed, we continued our deep scan and removed all suspicious actors and there was no further suspicious activity."

So what were the effects of the hack? Well, at first it seemed virtually harmless, until earlier this month, when BEL realized that customer and employee data was stolen.

John Mencias, CEO, BEL
"While they were able to penetrate the IT systems, they were unable to penetrate or compromise the OT environment. We detected no trace at all of them in there. But from the IT side, at that time, we could not determine the data that they downloaded, if any, or well, uploaded to their site at that time. We knew that they were in there, they were snooping around as it were, but we could not determine at all. So we had no evidence that they had exfiltrated, which is taking out any data."

"On June 20th, 2023 we received an email from an unknown sender email address, some radioncfuykg@protonmail.com, it was actually sent to my email address, to the email address of Jose Moreno who is the general manager of energy supply and transmission, and to the email address of our CFO, who is here with us, Sean Fuller, and he's the general manager of finance and business support. We received that email from them, and we'll share it with you, saying we have to notify that your company's network had a serious vulnerability which allowed a security permit, you have to reply to this email as soon as possible otherwise all the data will be published. That was sent to us on June 20th. Our incident response team again on the advice of the security consultants who were working with us determined that no one should respond to this email, and no further communication was received from this sender afterwards. Again, this is best practice, you are not even sure that this is the company that might have hacked, this could have been a company that read what we put out there to the media and to our customers and decided that they would get a payday on top of this."

"However, on July 13th, 2023, the CEO in the Ministry of Public Utilities alerted us, actually both the CFO Sean and me, I think we were the only two, alerted us that he was informed by his regional partners of a potential data breach of BEL's information systems and he sent copies of files that were leaked as proof. Our incident response team immediately confirmed that indeed this was so, confidential employee and customer information was being shared on the dark web."

"And it seems that the leaked data had been posted and available on their website from May 5th, 2023."

But before you start cancelling credit cards and updating passwords, BEL says the information that was stolen was mainly applications, invoices, vacation forms, and financial records. However, over 10,000 customers may also have had their SSB numbers taken. CEO Mencias explained more.

John Mencias, CEO, BEL
"There was customer information on customer application forms, actually there were about 10,800 individual customer forms which contained identification information, SSB card information and then some transaction details but no credit card number or bank account number, but definitely, as I said, SSB card and personal details. Information on BEL's salary structure, payroll, other things, conflict of interest disclosures, property tax invoices, appraisals, accident reports, there were actually password files that are password protected. Bear in mind, all our passwords were double changed from early on. Accident reports, legal case submissions, so I think they went after certain data that maybe they felt they could embarrass us with. I don't know, you don't know what's the mindset and mentality of these hackers. What we do know is that all the information investigated, as I said, we downloaded and have gone through it, is dated April 2023 or earlier. So it seems that we, when we took action, we were able to prevent them from going any further and we got them out of the system, but again, these are sophisticated people, this is what they do for a living, you can never be sure. I mean you can't sleep on this at all. But before I go any further, we, BEL, and myself as the CEO, would like to personally and sincerely apologize to all our customers and our employees and all other stakeholders affected by this data breach and any outcomes that may arise as a result of it. We will be reaching out, in fact we have already reached out to our employees, well, we are reaching out and we will reach out to every individual employee and customer and stakeholder whose data was exfiltrated and uploaded onto this dark web."
