Security firm for NFL, NBA, NHL, MLB, and NASCAR notifies 100K people of data breach

Andy Frain Services over the weekend confirmed it notified 100,964 people of an October 2024 data breach that compromised their personal information.

The company says it discovered the breach on October 23, 2024. Ransomware gang Black Basta claimed responsibility for the breach in November 2024, saying it stole 750 GB of data from the private security firm.

Black Basta lists Andy Frain on its data leak site.

Andy Frain has not verified Black Basta’s claim. We do not know if Andy Frain paid a ransom, how much Black Basta demanded, or how attackers breached the company’s network. Comparitech contacted Andy Frain for comment and will update this article if it replies.

“AFS identified unauthorized activity in its computer network. We secured and remediated the compromise, engaged,” says the company’s notice to victims. “Specifically, certain human resources files were stored in an AFS network location that was subject to unauthorized activity.”

Andy Frain has not publicly disclosed what data was compromised, but it is offering victims 12 months of free credit monitoring and identity theft restoration services. That usually implies Social Security numbers and/or other data that could be used for identity theft were compromised. The deadline to enroll is 90 days from receipt of the letter.

Who is Black Basta?

Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and for not selling or publicly releasing stolen data.

Black Basta has claimed 166 confirmed ransomware attacks since it began, compromising more than 11.7 million records. Its average ransom demand is about $2.9 million.

The attack on Andy Frain was Black Basta’s eighth-largest confirmed breach. Its top five include:

  • Ascension (US) notified 5.6 million people after a breach in May 2024
  • Wolf Haldenstein Adler Freeman & Herz (US) notified more than 3.4 million after a December 2023 breach
  • EDC Gruppen (Denmark) notified 700,000 of a November 2023 breach. It didn’t pay the $6 million ransom.
  • Numotion (US) notified 700,000 people after a data breach in February 2024.
  • Southern Water (UK) says 230,000-460,000 customers were compromised in a January 2024 attack. Attackers demanded a $3.5 million ransom. Leaked chat logs suggest Southern Water offered to pay $750,000. The data was later removed from BB’s site, suggesting a ransom could have been paid.

In 2025 to date, Black Basta has claimed five victims, all of which it claimed in January. None of those attacks have been confirmed yet.

Ransomware attacks on US businesses

In 2024, Comparitech researchers logged 793 confirmed ransomware attacks on US organizations, compromising more than 268 million records. 64 of those attacks hit service-based businesses like Andy Frain and compromised 1.6 million records.

The average ransom across all industries is just north of $2.3 million, and $787,000 for service-based businesses.

In another recent such attack, the Hertz Corporation notified more than 1 million people after ransomware gang Clop hacked it by exploiting a vulnerability in the Cleo file transfer software.

In 2025 so far, we’ve recorded 112 confirmed ransomware attacks in total, five of which hit service-based businesses. Ransomware gangs made another 1,365 attack claims this year that haven’t been acknowledged by the targeted organizations.

About Andy Frain Services

Founded in 1924, Andy Frain Services is a private security company that staffs security personnel at large events and facilities, including professional sports matches, transportation hubs, government offices, shopping centers, and festivals. Its clients include the NFL, NBA, NHL, MLB, Kentucky Derby, US Golf Open, and NASCAR.

