Lighted mirror manufacturer Electric Mirror LLC this week notified (PDF) an undisclosed number of victims that their data was compromised in a March 2024 ransomware attack.
Ransomware group Inc today claimed responsibility for the attack.
The stolen data includes full names, Social Security numbers, dates of birth, passport numbers, military ID numbers, student ID numbers, financial account numbers, health insurance policy numbers, and electronic signatures. Based on the types of information, we can infer the data most likely belongs to employees.
Comparitech was unable to reach Electric Mirror for comment. Our repeated attempts to email the company were blocked. This could be an indicator of compromise or a precaution taken by Electric Mirror to limit further damage.
We don’t yet know how many people are impacted, how attackers breached Electric Mirror’s systems, which systems are affected, how much the ransom is, or if Electric Mirror intends to pay it.
Comparitech recommends victims take advantage of the free credit monitoring offered by Electric Mirror via TransUnion. Monitor your credit report and financial statements for suspicious activity.
Who is Inc?
Inc Ransomware emerged in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software such as Citrix NetScaler.
Inc has been confirmed as the culprit behind four attacks so far this year, according to our data. We’ve logged a further 36 unconfirmed Inc attacks so far this year.
Inc launched an attack on Otolaryngology Associates in February this year, which affected 316,802 people.
Other recent Inc victims include Florida Memorial University, Barrie Community and Family Health in Barry, Canada, and the NHS in the UK. Its earlier victims include Xerox, CellNetix Pathology and Laboratories, Tri-City Medical Center in California, Liberty Hospital in Missouri, Ingo Money, Yamaha Motor Philippines, and King Aerospace.
In 2023, Inc was responsible for 12 attacks in the United States, affecting more than 837,000 records.
Ransomware attacks on US manufacturing
Ransomware attacks can disrupt operations at manufacturing companies, forcing them to cease operations until systems are restored. Many ransomware attacks also involve data theft, which puts employees and customers at risk of fraud.
So far this year, we’ve recorded 11 ransomware attacks on US manufacturing companies, affecting more than 8,000 records. An additional 124 attacks are unconfirmed as of time of writing.
In 2023, we logged 70 such attacks, affecting 331,595 records.
About Electric Mirror
Based in Everett, Washington, Electric Mirror makes lighted mirrors for residential and commercial spaces. On its website, it claims its products are in more hotels than all of its competitors combined. It has more than 350 employees.