Cybercrime

Credit monitoring and supply chain risk company hacked

The unknown hackers accessed CreditRiskMonitor employee data but not customer personal information, the company said.

October 8, 2024

Listen to this article

0:00

Close-up of modern skyscraper at night with multiple exposure. (Getty Images)

Hackers stole sensitive employee data from a software-as-a-service company that advises consumers on trade credit and provides supply chain risk monitoring, according to a Securities and Exchange Commission filing.

CreditRiskMonitor.com said on Tuesday that hackers got away with an unspecified amount of data between July 9 and July 17. The pilfered files included personally identifiable information of employees and independent contractors, but does not include customer data, CreditRiskMonitor noted.

The company said unusual activity was first detected on July 19, but the unauthorized access has “not had a material impact” on operations. No cybercrime group has taken credit for the hack thus far, and there is no indication how the hack occurred. CreditRiskMonitor did not immediately respond to request for comment.

CreditRiskMonitor wrote in the filing that there is no determination if the hack “is reasonably likely to materially impact the Company’s overall financial condition or its ongoing results of operations. However, the situation remains fluid and [CreditRiskMonitor] will continue to assess if and when such developments are reasonably likely to impact its financial condition and results of operations.”

In its annual report to shareholders, CreditRiskMonitor reported operating revenue of $4.9 million last year and touted that its customers include “40% of the Fortune 1000 and well over a thousand other large corporations worldwide.” Those companies subscribe to CreditRiskMonitor for “news alerts, research, and reports on public and private companies to make important risk decisions,” the report stated.

CreditRiskMonitor also said that it employs third-party consultants to evaluate risk management and provide employee training training.

“The Company deploys technical safeguards that are designed to protect information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, redundant data storage and retention methods, anti-malware functionality, security information event management, automated update/patch-management and access controls which are evaluated and improved through vulnerability and exposure assessments and cybersecurity threat intelligence,” according to the annual report.

CreditRiskMonitor, which has just under 100 employees, said in the SEC filing that it is offering those impacted by the hack 24 months of no-cost credit monitoring.