INDIANAPOLIS — The owner and operator of Ashley Homestore furniture stores experienced a cybersecurity incident last month, WRTV Investigates has learned.
DSG owns and operates over 163 Ashley retail stores, 29 distribution centers, and three corporate offices, with over 5,000 team members, according to their website.
A spokesperson for the company did not answer questions from WRTV as to whether customer or employee data was compromised.
“Like many companies, we are not immune to the unlawful efforts of third parties to attempt to breach our network,” said Lisa Fanaro, EVP Strategy & Experience at DSG. “In this regard, we can confirm that DSG experienced a cybersecurity incident in June. Immediately upon discovering the incident, we executed our security protocols to mitigate against these efforts.”
According to a June 20 email sent to employees, the company notified law enforcement.
“As investigations are ongoing, we cannot provide additional details at this time,” said Fanaro.
Cyberattacks are on the rise among government agencies and private companies.
PREVIOUS | How cybercriminals sell your information on the dark web
Today, the Identity Theft Resource Center released a report showing a 114 increase in publicly-reported data compromises.
According to the H1 2023 Data Breach Report, there were 951 publicly-reported data compromises in the Quarter, a 114 percent increase compared to the previous Quarter (445 compromises).
It is the most breaches the ITRC has tracked in a single quarter.
“Through the first half of the year, the ITRC has tracked 1,393 compromises, higher than the total compromises reported every year between 2005 and 2020 except for 2017,” according to the report. “This puts 2023 on pace to set a record for the number of data compromises in a year, passing the all-time high of 1,862 compromises in 2021.”
A spokesperson for the Indiana Attorney General's office says they haven’t received a notice from Ashley Furniture Homestore or its corporate parent about an incident in June, but under the Disclosure of Security Breach Act, they have up to 45 days to provide notice.
RELATED | Growing number of school districts victims of cyberattacks
Herb Stapleton, Special Agent in Charge of the FBI’s Indianapolis field office, told WRTV last year FBI can stop ransom payments from getting to criminals if they are notified quickly.
“Trying to go after the money, and then to target the actual infrastructure that these individuals use,” said Stapleton in 2022. “What we are trying to do from an investigative standpoint is go after the key services that create an environment in which ransomware can happen. That means targeting the people who are responsible for gaining access to these networks, that can mean targeting the funds or proceeds of this kind of illicit activity.”
But it’s not easy to find the cybercriminals and prosecute them.
“It takes an extraordinary amount of investigative work,” said Stapleton. “Once we identify who they are, there’s a whole new set of challenges as we identify where they are. As you can imagine, many of these criminals live in countries that don't cooperate with the United States."
A lot of cyber attacks originate from Russia, China, Iran and North Korea.
