According to a recent disclosure, the company sent notifications to 100,964 people affected by the breach. Andy Frain Services has not released specific details about what types of personal information were compromised.
In November 2024, the ransomware group Black Basta claimed responsibility for the attack, alleging it had stolen 750 GB of data from the company. Andy Frain Services has not confirmed or denied the group’s involvement.
Cybersecurity experts have raised concerns about the delay in informing those impacted. Roger Grimes, a Data-Driven Defense Evangelist at KnowBe4, questioned why it took nearly seven months to notify victims. “That’s seven months hackers could have been using the learned information to abuse potential victims,” he said.
Grimes also highlighted the importance of understanding how the breach occurred. “If they don’t know how it happened, it’s much tougher to put in place the right mitigations,” he added.
Black Basta is known for its ransomware-as-a-service model, allowing third parties to use its tools to carry out attacks. Since emerging in early 2022, the group has claimed responsibility for 166 ransomware incidents, compromising more than 11.7 million records. The group typically demands ransoms averaging $2.9 million and threatens to release or sell stolen data if victims do not pay.
Paul Bischoff, Consumer Privacy Advocate at Comparitech, noted that the group had claimed five attacks in January 2025, although none have been confirmed so far. In 2024, Comparitech recorded 793 confirmed ransomware attacks on U.S. organizations, affecting more than 268 million records. Service-based businesses like Andy Frain Services were targeted 64 times, with 1.6 million records compromised.
Financially, ransomware attacks have a heavy impact. The average ransom across all industries is around $2.3 million, and $787,000 for service-based companies. So far in 2025, 112 confirmed ransomware attacks have been recorded, with five targeting service-based firms. Additionally, 1,365 other attack claims have been made by ransomware gangs but have not been verified by victims.
Andy Frain Services has not commented on how the breach occurred or what security measures are being taken in response. The company says it is working with affected individuals, but no specific guidance has been issued.
The company provides security services to major organizations, including the NFL, NBA, and NASCAR.
Source: Security Brief
Tags:
Cybercrime in World
