Gyrodata reveals data breach: A major oil drilling specialist has admitted it suffered a ransomware attack which may have led to the compromise of data belonging to current and former employees.

Houston-based Gyrodata claims to be one of the world’s leading suppliers of technology and services designed to extract hydrocarbons from the earth.

However, late last week it published a statement revealing the security incident, which was discovered on February 21.

There’s no information on whether the ransomware itself caused any disruption to the firm, but it did admit the potential impact on employees’ personal and financial data.

“Gyrodata’s investigation determined that the unauthorized actor gained access to certain systems and related data within the Gyrodata environment at various times from approximately January 16, 2021 to February 22, 2021,” it said.

“The data potentially obtained by the unauthorized actor may have contained personal information of current and former Gyrodata employees, including names, addresses, dates of birth, driver’s license numbers, Social Security numbers, passport numbers, W-2 tax forms, and information related to health plan enrolment.”

As of last Thursday, the firm has been contacting affected individuals by post, and has set-up a dedicated call center to deal with the potential fallout. Gyrodata is estimated to have around 1000 employees worldwide, including in offices in Scotland and Malaysia.

“Individuals whose personal information may have been involved should remain vigilant for incidents of fraud or identity theft by reviewing account statements and free credit reports for any unauthorized activity,” the statement continued.

“It is recommended that you review any statements that you receive from your health insurer or healthcare providers. If you see services that you did not receive, please contact the insurer or provider immediately. As a precaution, Gyrodata is also offering individuals whose Social Security number or driver’s license number may have been involved complimentary credit monitoring and identity protection services.”

From: Infosecurity Magazine