Anheuser-Busch Distributor, Ben E. Keith, Network Breach Update
Table of Contents
- By Steven
- Dec 12, 2023
Ben E. Keith Company (BEK) is a food and drink distributor that serves over 62 Texas counties and 15 states. They are a service provider for Anheuser-Busch products, providing everything from craft and import drinks to steaks and sugar. In October, BEK announced a possible data breach of their network information, but further details required an investigation. Their investigations have presumably ended, as a notice for the event has recently appeared on the Texas Attorney General’s website.
How Did the Attack Occur?
When we first learned about the cyberattack, BEK had submitted a breach report to the Maine Attorney General. At that time, investigations were ongoing; however, BEK finally posted a data breach notice on their website earlier this week—including updated information. According to the notice, the cyber event involved an unauthorized actor accessing a portion of BEK’s network. The updated notice does not share information about how the attackers made the assault possible, leading to speculations concerning system access. There are no indications of human error or system vulnerabilities; even so, BEK has responded to the event with increased security protocols.
What Information Was Viewed or Stolen?
The Texas filing offers information about the stolen data in the event (elements not shared in the Maine report). According to Texas, the information loss is significant; it includes names, dates of birth, Social Security Numbers, addresses, driver’s license numbers, government ID numbers (passports and state ID numbers), health insurance information, medical information (diagnosis and treatment details), and financial information (account numbers, credit/debit card numbers, and payment details). The stolen details differ between individuals, but their exposure remains a critical event; the criminals can use any of the information to severely impact the lives of the data owners.
How Did Ben E. Keith Admit to the Breach?
The notice on BEK’s website states the actor breached their system from March 3rd, 2023, to the 5th. Two weeks later, around March 14th, BEK officials became aware of suspicious activity within the network. The hallmarks of the activity are not public, leading experts to presume the attack did not involve malware or ransomware. BEK immediately isolated the accessed network gates and notified preliminary parties of the breach. The Maine filing further indicates that officials notified parties around October 26th. BEK’s website did not post their data notice until early December, while their Texas filing appeared on December 8th.
What Will Become of the Stolen Information?
The information stolen in this breach can be misused in various ways, most profitable. However, how the assailants can use it partially depends on how the owners of the information respond to the event. For example, if the bad actors were looking for a financial account to commit wire fraud, account holders can secure their information by obtaining new account details. If the assailants want to utilize Medicare/Medicaid services, alerting healthcare providers can limit their fraudulent options. Regardless of how the cybercriminals may use the information, data owners can still influence the consequences of BEK’s breach.
What Should Affected Parties Do in the Aftermath of the Breach?
Individuals must closely monitor their accounts, particularly if they are not changing or updating any information. Choosing not to update or change account data is simple in the short term, but it may put them at risk for future misuse. Cybercriminals can take years to utilize the data; subsequently, in that time, account holders may become lax in their caution. Those with information exposed in this breach must consider updating their accounts with strong passwords and security features.