A significant data breach has reportedly impacted the Enterprise Resource Planning (ERP) system, eViridis, potentially affecting its clients as well. The breach was claimed by a Threat Actor (TA) who mentioned compromising and exfiltrating the entire data set of the company, which includes email logs and client information. eViridis is owned by Aveniras LLC, a US-based investment and advisory services firm.
Established in 2010, eViridis specializes in developing business-to-business software solutions for the emerging aftermarket electronics industry. They offer consulting services to help recyclers and corporations streamline their digital processes and workflows. The company boasts of assisting some of the largest Manufacturing, Media, Financial Services, and Healthcare companies globally.
According to publicly available information, eViridis has around 200 employees and generates revenue of $31.1 million. The data breach, as claimed by the TA operating under the alias “jewwu,” has put not only the company but also its clients at risk. The breached data includes email logs, client data, and various other sensitive information. Screenshots shared by the TA revealed user login IDs and passwords, server login credentials, asset counts, audit evaluation results, and more.
Specific clients of eViridis, such as evTerra Recycling, Jabil, and Estrella TV, were mentioned in the screenshots shared by the TA. The full extent of the breach is estimated to be around 2.1TB, with the TA having access to only 61GB at the time. The bad actor indicated a willingness to sell the stolen data for a starting price of USD $500.
If the claims are proven true, the implications of this breach could be severe, potentially leading to identity theft, financial fraud, and a loss of trust among stakeholders. Organizations must take immediate steps to safeguard the privacy and security of all those affected. However, the exact details of the breach, the extent of data compromise, and the motive behind the cyberattack remain undisclosed.
Despite the claims made by the TA, the official websites of the targeted companies are functioning normally, casting doubts on the credibility of the assertions. To verify the authenticity of the claims, inquiries have been made to eViridis and Aveniras LLC, but responses are pending. As of now, the data breach claims remain unverified.
In conclusion, the eViridis data breach has raised concerns about cybersecurity and data protection in the business world. It serves as a reminder for organizations to prioritize their digital security measures to prevent such incidents in the future. The Cyber Express will continue to monitor the situation and provide updates as more information becomes available.