Exclusive: Legrand CRM confirms ‘data theft’ as Hunters International publishes

Sydney-based CRM provider Legrand CRM has confirmed that Hunters International exfiltrated data from its systems.
Speaking with Cyber Daily, company CEO Alain Legrand says that a data breach occurred, but that the incident was not a ransomware attack.
“We have been in contact with the Australian Cyber Security Centre (ACSC) and the Victorian Government Cyber Incident Response Service (CIRS), both of whom had received a third party report regarding a potential ransomware incident affecting LegrandCRM,” he said in an email to Cyber Daily.
“What took place is not a ransomware attack but a (small) data theft.”
However, as Mr. Legrand points out, Hunters International’s listing is flawed, and contains incorrect information about the company.
“We are not, as they claim, a business that has 27 employees and $7M turnover. We’re a small IT business of 4 people and 2 external contract developers with annual turnover of less than $750k,” he added.
“They may have mistaken us for the electrical distributor Legrand Australia, which is a much larger business than us, or they are simply lying to make this look bigger than what it is.”
Upon further inspection of the data, it appears that the stolen files do not all belong to Legrand CRM. Some files listed pertain to homewares products that seem to be sold by other businesses.
In addition, Mr. Legrand points out that the amount of data Hunters International claims to have also appears to be wrong.
The CEO says that despite “clear spikes in outbound and inbound traffic in mid-May, which is when [Hunters International] gained access to the network,” there was “relatively little data transferred out.
“If I add up the outbound data spikes in May there’s maybe 7GB of data that was transferred out. It’s relatively small considering total server file storage of nearly 2TB,” he added.
“So, either they were very selective or they purposely did smallish transfers over a few days to minimise the risk of being detected.”
Whilst the incident may not only affect Legrand CRM, the company is taking the incident seriously, having severed connections to its network upon discovery of the incident.
“When we became aware of the intrusion we immediately disconnected the computers in our network from the internet and shut down the server and the 2 office desktop computers that were compromised,” added Mr. Legrand.
“The Cisco router and firewall were briefly shut down for a few days but then restarted so our external IT could access them.
“The server and 2 desktop PCs were taken offline and our IT service provider has been analysing/investigating the server to figure out how they got in.
“For years now we’ve been using a product called RDPGuard to try and reduce unauthorised login attempts, but still they gained access to one of the two desktop PCs, and from there to the server.
“It is very upsetting and also surprising because we thought we had all the right prevention measures in place.”
Legrand CRM customers are yet to be notified of the incident as the company is still determining the extent of the data theft. They will be notified this week, according to Mr. Legrand.

Daniel Croft