Andy Frain notifies 100,000 after major ransomware breach

Yesterday

Andy Frain Services has notified over 100,000 individuals that their personal information was compromised in a data breach that occurred in October 2024.

The security firm, which provides services to clients such as the NFL, NBA, and NASCAR, confirmed that notifications were sent to 100,964 people affected by the breach. Details of the compromised information have not been provided.

In November 2024, the ransomware group Black Basta claimed responsibility for the incident, stating that it had stolen 750 GB of data from Andy Frain Services. The company has not commented on the veracity of Black Basta's claims or if the group was directly involved in the incident.

Commenting on the timing of the notifications, Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, raised concerns about the delay in informing those impacted. Grimes said, "I'm not sure why it took nearly 7 months for Andy Frain Services to notify the impacted people. That's 7 months hackers could have been using the learned information to abuse potential victims. If I do business with Andy Frain Services, I would like to know how the breach happened, if they know. Was it social engineering, unpatched software or firmware, or some other cause. Because if they don't know how it happened it's much tougher to put in place the right mitigations to make sure it's less likely to happen again."

Black Basta, the group that claimed responsibility, is one of several ransomware gangs active internationally. Paul Bischoff, Consumer Privacy Advocate at Comparitech, provided context about the group's operations. In a recent blog post, Bischoff wrote, "Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and for not selling or publicly releasing stolen data. Black Basta has claimed 166 confirmed ransomware attacks since it began, compromising more than 11.7 million records. Its average ransom demand is about USD $2.9 million."

The frequency and impact of ransomware attacks remain significant, according to Bischoff. He noted, "In 2025 to date, Black Basta has claimed five victims, all of which it claimed in January. None of those attacks have been confirmed yet. In 2024, Comparitech researchers logged 793 confirmed ransomware attacks on US organizations, compromising more than 268 million records. 64 of those attacks hit service-based businesses like Andy Frain and compromised 1.6 million records."

Bischoff also provided figures regarding the financial aspect of these attacks. He stated, "The average ransom across all industries is just north of USD $2.3 million, and USD $787,000 for service-based businesses. In 2025 so far, we've recorded 112 confirmed ransomware attacks in total, five of which hit service-based businesses. Ransomware gangs made another 1,365 attack claims this year that haven't been acknowledged by the targeted organizations."

Andy Frain Services has not provided details about how the breach occurred or commented on whether steps have been taken to address the vulnerabilities that led to the incident.

The company continues to work with those affected, but specific guidance or advice to individuals whose information was compromised has not been released.

Share on: