Cyberattack on debt acquisition firm Cabot involved theft of 394000 data files court hears â The Irish Times

pA cyber attack targeting acquisition and credit servicing firm Cabot involved theft of some 394000 data files including material related to its direct customers and its loan book the High Court has heardppCabot Financial Ireland Ltd Cookstown Court Old Belgard Road Tallaght Dublin claims there are âpersons unknownâ behind the attack along with a UK incorporated web hosting provider called Aeza International LtdppLast month Cabot was granted an injunction requiring Aeza and the âpersons unknownâ to deliver up some 356 GB of data initially removed from Cabotâs IT system between September 17th and 18th lastppCabot was also granted an anonymisation order and its initial application was heard in private in camera by Mr Justice Brian CreganppCabot successfully argued that this was to prevent the alleged cyberattackers seeking a ransom for the return of the data It also argued that if the alleged attackers were given notice of the making of any order by the court this could lead to widespread dissemination of the materialppCabot has more than 100000 current customers and if the data stolen included historic customers it could be multiples of that figure Cabot director Sean Webb said in an affidavitppWhen the case again came before the court later in October Mr Justice OisÃn Quinn lifted the anonymisation and in camera orderppOn Thursday when it then came before Mr Justice Mark Sanfey Johnathan Newman SC for Cabot said the known defendant Aeza had now been served with the court papers by registered post However there has been no appearance before the court by AezappCounsel said that when the matter was before Mr Justice Quinn that judge had concerns about service of the papers on persons unknown who are only identified by an IP internet protocol address The judge made certain orders in relation to them but it had not been possible to serve the order and counsel sought to continue the order so this could be doneppOn Thursday Mr Justice Sanfey directed that as well as serving them with the papers by post they could also be informed by email He said the case could come back next month when the court would hear an application for an extension of the injunction until the full case is heardppIn his affidavit grounding the injunction application Cabot director Mr Webb said the firm holds personal and corporate information on its IT system along with identification documentation corporate commercial and employee datappIn the last two weeks of September Cabot became concerned at suspicious activity on its systems and a number of technical steps were taken to respond he saidppIt then engaged an incident response team to commence a thorough investigation supported by cyberattack expert Mandiant and external counselppOn October 4th Mandiant reported a data theft It was discovered that on September 17th a command was made to back up files to an external IP addressppMr Webb said that between September 17th and 18th âevent loggingâ on its system recorded the backup utility accessing 393984 files He said the âthreat actorsâ had accessed the system and removed around 35665 of data to the external IP addressppCabot says it notified the Central Bank and the Garda National Cyber Crime Bureau of the matterppMr Webb said the affected data included information relating to direct customersâ debt acquired by Cabot and customers of financial institutions that Cabot provided credit servicing activities toppIt includes loan book data relating to loans it purchased and contact details There is a risk it could contain material relating to health or marital relationship in instances where a customer writes explaining the circumstances giving rise to repayment arrears he saidppThere was also sensitive data relating to employees as well as data relating to pricing redundancies business opportunities and internal corporate confidential datappMr Web said Mandiant had concluded that the IP address is associated with Aeza which has an address in Barking Road London From a Google Street View search it appears to be the office of another firm that merely provides secretarial services to Aeza he saidppThe only director of Aeza is Marat Timurov with an address in Uralsk Kazakhstan Aezaâs website describes it as a webhosting provider and it has a UK contact number and an email addressppGet the latest business news and commentary from our expert business team in your inbox every weekday morningpp 2024 The Irish Times DACp