Prestige Maintenance USA this week confirmed that it had notified 65,452 people of a January 2025 data breach that compromised their personal information. Ransomware group Medusa took credit for the breach shortly after it occurred and demanded $1.2 million in ransom. This may not be the first time that they have been pwned as there is an unconfirmed report of ALPHV/BlackCat pwning them in 2023.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data. Medusa has claimed responsibility for 132 confirmed attacks in total, compromising more than 3.1 million records. Its average ransom demand is $631,000.”
“In 2025, Comparitech researchers have logged 226 confirmed ransomware attacks on US organizations in total, plus 1,788 unconfirmed claims. Ransomware attacks on US organizations can both steal data and lock down computer systems. Infected businesses are forced to either pay a ransom or face extended downtime, permanent data loss, and putting customers at increased risk of fraud.”
The fact that the company didn’t tell anyone about this this until seven months later is troubling. And the fact that they might have been pwned before suggests that this is an organization that isn’t great at keeping the bad guys out. I say that someone needs to ask this company some really tough questions and the company needs to answer them if they want anyone to trust them.
Like this:
Like Loading...
Related
This entry was posted on July 24, 2025 at 11:16 am and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Prestige Maintenance USA Appears To Have Been Pwned….. And Perhaps Not For The First Time
Prestige Maintenance USA this week confirmed that it had notified 65,452 people of a January 2025 data breach that compromised their personal information. Ransomware group Medusa took credit for the breach shortly after it occurred and demanded $1.2 million in ransom. This may not be the first time that they have been pwned as there is an unconfirmed report of ALPHV/BlackCat pwning them in 2023.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data. Medusa has claimed responsibility for 132 confirmed attacks in total, compromising more than 3.1 million records. Its average ransom demand is $631,000.”
“In 2025, Comparitech researchers have logged 226 confirmed ransomware attacks on US organizations in total, plus 1,788 unconfirmed claims. Ransomware attacks on US organizations can both steal data and lock down computer systems. Infected businesses are forced to either pay a ransom or face extended downtime, permanent data loss, and putting customers at increased risk of fraud.”
The fact that the company didn’t tell anyone about this this until seven months later is troubling. And the fact that they might have been pwned before suggests that this is an organization that isn’t great at keeping the bad guys out. I say that someone needs to ask this company some really tough questions and the company needs to answer them if they want anyone to trust them.
Share this:
Like this:
Related
This entry was posted on July 24, 2025 at 11:16 am and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.