Sagent ransomware

IT network equipment vendor Sagent yesterday confirmed it notified 826 people about a months-long data breach in 2023 that compromised names, Social Security numbers, driver’s license numbers, and financial account info.

Ransomware group Medusa claimed responsibility for the attack at the time. It demanded $600,000 in exchange for not selling or publicly releasing the stolen data.

Sagent’s notification states, “[…] we learned that there was unauthorized access to our network between August 6, 2023 and November 17, 2023, and certain information was viewed or taken without authorization. Sagent then began working to identify the full scope of information that could have been impacted, and concluded this review on April 9, 2024.”

Sagent did not verify Medusa’s claim. We don’t yet know whether Sagent paid the ransom, how attackers breached its network, or if any other Sagent systems were impacted. Comparitech contacted Sagent for comment and will update this article if it responds.

We recommend victims take advantage of the free identity monitoring service offered by Sagent via Kroll.

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once to keep the stolen data from being sold or published.

To date, we have tracked 76 confirmed attacks claimed by Medusa, with an average ransom demand of just over $774,000.

Medusa’s recent victims include the Harry Perkins Institute of Medical Research (Australia), ValeCard (Brazil), Royal Brighton Yacht Club (Australia), and Viasat Telematics (Spain).

We have also logged 92 unconfirmed attacks claimed by Medusa so far this year.

Ransomware attacks on US tech companies

Comparitech researchers recorded 41 ransomware attacks on US tech companies in 2023, affecting 103,415,880 records. The high number of records affected last year came from large-scale attacks via MOVEit and Fortra.

The average ransom across these attacks in 2023 was $18.5 million, but this figure is skewed somewhat by the extortionate amount demanded by LockBit ($80 million) in its attack on CDW Government.

2024 has seen a significant decline in attacks on US tech companies: just three confirmed attacks and no records impacted so far. However, we’ve just witnessed one of the biggest attacks of the year on CDK Global (a tech provider for car dealerships). CDK allegedly paid $25 million to restore its systems.

We have also tracked 63 unconfirmed attacks on the US tech industry this year so far.

About Sagent

Sagent sells and repairs new, surplus, and pre-owned IT networking equipment for large enterprises. According to its website, it processes more than a million network assets per year for thousands of customers across more than 80 countries.

Sagent, LLC should not be confused with other companies with the same name, including a loan servicing software maker, pharmaceutical company, marketing company, tax service, and nursing agency.