On May 26, BLK Sport disclosed that they had been attacked by DarkSide on April 21, 2021.
Of note, the firm states that they have to assume that information may have been exfiltrated (because that’s how DarkSide normally operated), but they have been unable to actually determine the extent of any information theft. According to their notification, the information the hackers may have stolen includes:
- customer names, addresses, contact details (eg phone numbers, email addresses and the name of any customer representative), contract information and order information; and
- the names, addresses, contact details (eg phone numbers, email addresses and the name of any supplier representative), contract information, order information and bank account information of people (including companies) who supply goods or services to us.
They note:
We do not believe that information held in our systems which run on servers outside BLK has been compromised. In particular, we do not believe that usernames and passwords for BLK’s online ordering system, or credit card or other payment information which may have been input into that system, have been stolen.
It is possible, however, that information provided to them via email may have been compromised.
You can read the full notification on their web site.