The United States Geospatial Intelligence Foundation (USGIF) said it was informed March 15 that one of its GEOINT Symposium vendors experienced an information breach.
USGIF said in an email to stakeholders Friday that they “do not yet know all the details of this breach” but are taking steps to address it.
“On March 14, a vendor that has provided GEOINT Symposium registration services to USGIF reported that its system was compromised by cybercriminals, who used malware to encrypt certain parts of the vendor’s systems in a ransomware attack,” USGIF said. “As a result of the attack, a subset of information from USGIF’s database that was held in the vendor’s system may have been exposed and obtained by the cybercriminals.”
Potentially exposed information includes names, addresses, email addresses, phone numbers, fax numbers, job titles, and organizational affiliations.
USGIF said that to its knowledge none of the following information was compromised because the vendor did not have it in its system or did not have access to it: financial information (such as credit card information), passwords, and Social Security numbers.
“USGIF is actively working with the vendor to obtain a full forensic analysis of the incident,” USGIF said. “The vendor is working with federal authorities to investigate the matter and has pledged to keep us informed as the investigation unfolds.”
“…USGIF takes the security of the information we hold very seriously. We know that, despite our investment in significant resources to help protect our data, including information about USGIF members, breaches remain an ongoing and evolving threat. We will continue taking every step necessary to protect your information. Please know we will continue doing all we can to safeguard your privacy.”