Tempur Sealy International, Inc. – the world’s largest bedding provider has been targeted by the Blackcat / ALPHAV ransomware gang.
The company, which are based in Lexington, Kentuckey manufacture bedding under the brand names of Tempur-Pedic, Stearns & Foster, Cocoon, and Sealy.
The company have over 12,000 employees and have an operating revenue of approx USD $5B. (2021 figures)
ALPHAV attack
ALPHAV posted about the attack on their leak site yesterday (2nd August), but indicate that they had compromised the Tempur Sealy network a number of weeks ago.
The hackers explain on their site that senior executives at Tempur Sealy have been made aware of the breach, but have not responded in any way, leading to ALPHAV posting about the breach.
In the information posted, the hackers claim to have full access to the computer used by Mo Vakil – Tempur Sealy general council and have been accessing correspondence between Mr. Vakil and an external legal advisor at BakerHostetler.
The attackers also go on to explain that they have full knowledge of the Incident Response software used by Tempur-Sealy and that it isn’t configured properly to identify the attacker presence.
Data Exfiltration
In their post, ALPHAV state that they still have full access to the Tempur-Sealy network, and have exfiltrated a number of files which include the content of the companies Dynamics AX servers and other systems which hold PII data.
The PII they claim to have stolen includes customer banking data, last 4 digits of card data, customer names, order details, and more.
They also claim to have access to internal banking transactions, as well as Mr Vakil’s private Gmail messages.
