Ransomware gang says it’s responsible for data breach at Pennsylvania food producer

Ransomware gang Black Basta today claimed responsibility for an October 2024 data breach at Furmano’s, a Pennsylvania food producer. The breach compromised the names, Social Security numbers, and addresses of 2,365 Furmano’s employees.

Furmano’s has not verified Black Basta’s claim but did acknowledge the data breach was caused by a ransomware attack. Black Basta gave Furmano’s just over a week to pay an undisclosed amount of ransom.

Furmano’s notice (PDF) to victims states, “On October 10, 2024, Furmano’s began experiencing problems affecting the function and availability of our networking and computer systems. We immediately worked to contain the problem and investigate its scope and cause. With the help of an expert remediation team, we ultimately determined the cause of the issue was a ransomware attack perpetrated by a third party.”

We do not yet know if Furmano’s did or will pay a ransom, or how attackers breached Furmano’s network. Comparitech contacted Furmano’s for comment and will update this article if it replies.

The company is offering eligible victims free credit monitoring and identity theft protection via LifeLock.

Who is Black Basta?

Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients can pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims for a key to restore infected systems, and for not selling or publicly releasing stolen data.

Black Basta has claimed 45 confirmed ransomware attacks in 2024 so far, compromising the private information of more than 1 million people.

Furmano’s is not the first company in the food and beverage industry that Black Basta has targeted. The group claimed responsibility for attacks on Carolina Foods (March 2024) and Instinct Pet Food (US, October 2024) in the US, Canada’s Lactanet (May 2024), and Germany’s Vossko (November 2024) and Henry Lambertz (May 2024).

Black Basta claimed another 140 unconfirmed attacks this year that haven’t been acknowledged by targets. Seven of those were against food and beverage companies.

Ransomware attacks on US food and beverage

Ransomware attacks can lock down computer systems and steal data. The attackers then demand a ransom in exchange for a key to unlock those systems and not sell or publicly release the stolen data. Criminals can use the data to defraud employees. The downtime caused by ransomware encryption can cause delays in production, missed deliveries, and late payments.

Comparitech researchers logged 25 confirmed ransomware attacks against American food and beverage companies in 2024 so far, compared to 26 in all of 2023.

In a recent attack on Bojangles Restaurants, Hunters International claimed a breach that compromised the data of 165,000 people. In another, tea producer ITO EN confirmed an attack claimed by Play Ransomware.

About Furmano’s

Founded in 1921, Furmano’s produces tomatoes, beans, vegetables, and grains for the food service and retail industries. Based in Pennsylvania, it sells produce grown in the local region. Furmano’s employs between 200 and 500 people, according to its website.