Chicago Accountancy Firm Learns About Stolen Data in December 2020 Ransomware Attack

The accountancy company Bansley and Kiener LLP based in Chicago, IL has announced that it encountered a ransomware attack in December 2020 that resulted in the encryption of certain files within its systems. The attack just created a momentary disruption, and all encrypted systems could be restored from backups and quickly return to regular operations.

The attack happened on December 10, 2020, and the subsequent investigation into the incident did not find any evidence of data theft and confirmed that the breach was fully controlled. Nevertheless, Bansley and Kiener stated in a December 3, 2021 data breach notification letter that the company found out on May 24, 2021 that the threat actors had exfiltrated a number of files from its systems, which comprised sensitive client data.

A third-party cybersecurity agency was employed to assist with the succeeding investigation. Although it wasn’t possible to make sure the particular types of details that were accessed and exfiltrated, on August 24, 2021, the investigation affirmed that the attackers potentially obtained the names and Social Security numbers of a number of people.

Bansley and Kiener mentioned the attack prompted an analysis of its security procedures and since then the firm strengthened its security to prevent other data breaches. The workforce get continuing education on cybersecurity best practices. Notification letters have already been sent to affected persons with instructions on how to protect their personal records, such as making use of the complimentary credit and identity theft monitoring services that were given.

The total number of individuals that had their names and Social Security numbers exposed is still uncertain, but four separate breach reports were sent to the HHS’ Office for Civil Rights indicating that a total of 70,941 people were impacted.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at