Recent reports reveal that the sporting brand Puma has been affected by a data breach. The threat actors who are responsible have threatened to release the information if a ransom is not paid. The attackers have claimed they possess around 1 TB of data, however, conflicting reports from Puma say that it was “PUMA source code for an internal application, which was leaked.” The attackers backed up their claims by posting samples of the files on Marketo, a newer dark web site. If Puma decides to not to pay the demands, it will only be a matter of time before the information is either posted in full for free or to paid VIP members.
At this time, the totality of the information is not yet known. Until this is released, Puma customers and employees should simply remain vigilant and be warned that if email addresses were included, they could be at an increased risk for phishing attacks. It is unclear what type of defenses Puma has in place, but they should consider a defense-in-depth strategy moving forward.