MapleSoft, a company that develops modeling and educational software, is warning customers to avoid emails alleging to have come from the company, due to the fact they contain a malicious attachment. The malicious emails started arriving shortly after MapleSoft suffered a data breach last Tuesday.
According to MapleSoft, the breach last Tuesday resulted in the loss of subscriber data, including first and last names, email addresses, and company and institution data. At this time, it is understood that other account data, such as financial data and passwords, were not compromised during the breach.
The company said they discovered the breach after customers started to complain that they had received what appeared to be a spam from the company.
“Upon investigation by MapleSoft’s IT staff, the security breach was discovered and MapleSoft took immediate corrective actions to stop the breach and prevent further unauthorized access to MapleSoft’s databases. All of the individuals affected by the security breach are being alerted by MapleSoft directly,” the company said in a statement.
As it turns out, the stolen information was being used in an email campaign that alerted MapleSoft’s customers about a data breach, and offered a security patch as an attachment. The patch itself is a variant of Zeus, but other emails contained links to compromised domains hosting the Blackhole Crime Kit.
It isn’t known how many customers were impacted by the breach. However, MapleSoft is just another victim in a string of victim’s this month – and just like the others they had no idea they were compromised until they were alerted by the extended victims or media.
“MapleSoft takes the security of our customers’ and contacts’ personal information very seriously. We are in the process of notifying all individuals whose information may have been compromised,” said Jim Cooper, CEO of MapleSoft.
“We have locked down our systems to prevent further unauthorized access and we are reviewing our security practices and procedures to help ensure this does not happen again. We deeply regret any inconvenience or concerns that this situation may cause our contacts and customers.”
The company has a webpage dedicated to the incident, and asks that customers with questions call them directly at 519-747-2373.
