Sam's Club Investigating Data Breach After Ransomware Gang Shops For Buyers On Dark Web
Sam's Club representatives have refuted this claim, so far, but they’re not planning to ignore it. A representative of Sam's Club said, "We are aware of reports regarding a potential security incident and are actively investigating the matter."
In the past, when Clop launched successful attacks, it posted evidence of data breaches, however, Clop has not posted any evidence of a data breach in this case. This might explain why it is quite difficult for Sam's Club to instantly verify the claim's legitimacy without conducting in-depth security analysis.
Although it hasn't posted evidence of the alleged breach, the Clop ransom gang has gone ahead to include Sam's Club on its dark web list of invaded websites. While this might be concerning, it might not indicate that an actual breach has occurred, especially since the gang has made unverifiable claims of large-scale data breaches in the past. For example, about three months ago, U.S. car rental giant Hertz was also listed by the gang; however, there was no evidence to confim the claim.
Still, the Clop is not known for issuing empty threats. In 2020, it exploited security flaws in Accellion File Transfer Appliance (FTA) devices, leading to data breaches for large companies, including Shell. The gang was equally successful in its attack on Cleo file transfer software last year.
That said, the group is known for targeting large organizations with massive customer bases and Sam's Club fits that description. The retail company has a large network of over 600 US locations in 44 states, earning over $85 billion last year, thus making them an enticing target.
In the midst of the uncertainty, Sam’s Club is trying to assuage the fears of its members. According to Bleeping Computer, the company said that it’s committed to protecting the privacy and security of its members and would not take the claims lightly.
