DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Amphastar Pharmaceuticals discovers that threat actors had exfiltrated employee data in May ransomware attack

Posted on August 31, 2020 by Dissent

On July 21, the DoppelPaymer ransomware threat actors added Amphastar Pharmaceuticals to their leak list. They also uploaded a number of files as proof of access and exfiltration.  It was because of that listing that Amphastar eventually discovered that employee data had been stolen in a May attack.

On August 27, Amphastar sent notification letters to current and former employees whose information was impacted by the attack.  The letter explains:

On July 24, 2020, the Company learned for the first time that some Company data had been posted on the internet without authorization on July 21. Most of the information was legacy data (approximately 15 years old) and included some of your personal information along with other company records.

The Company immediately investigated this posting to learn what happened with the assistance of a leading specialist routinely retained to assess and mitigate cybersecurity incidents. The posting was determined to be related to an earlier ransomware attack on May 2, 2020 that had been fully contained without any indication that data had been removed based on available records. No payment was or will be made to the criminals responsible for this malicious/criminal act. The Company was able to use backups and restore business continuity promptly. As law enforcement and others have reported, ransomware attacks have increased and have targeted the healthcare industry in the United States and around the world including during the global pandemic.

What Information Was Involved?

The personal information that was involved included your first and last name, and Social Security Number.

To be clear, other personal information was not involved. For example, the Company has concluded that there was no driver’s license number or government identification number, credit card or financial account number, medical or health insurance information, biometric data, or user name or email address along with a password or security question and answer.

You can read their whole notification letter on the California AG’s web site.

 

Category: Business SectorMalwareU.S.

Post navigation

← PULAU Corporation notifies employees of June hack
American Payroll Association notifies people of cyberattack on site →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.