Belize Electricity Limited Has Had its IT Network Hacked

BELMOPAN, Belize – The Belize Electricity Limited (BEL) says it has taken steps to provide further security measures after confirming that its information technology (IT) network had been attacked by “cyber criminals”

John MenciasBetween the end of March and the middle of May, Ragnar Locker, a ransomware company out of Russia, infiltrated the company’s IT system and extracted customer and employee data. Last month, the hackers demanded a ransom from BEL in exchange for the data.

But the company ignored the ransom email based on the advice of a cyber security company they hired to improve the company’s cyber security.

However, last week, an email was sent to the chief executive officer in the Ministry of Public Utilities informing him that key data from BEL was being circulated on the dark web. Attached to that email was evidence of the data.

BEL has since confirmed that during the cyber attacks, Ragnar Locker extracted approximately 355 gigs of data.

BEL chief executive officer, John Mencias, told a news conference that on July 13 the chief executive officer in the Ministry of Public Utilities alerted both the two senior management officials at BEL, including him of the situation.

“We were the only two. So he alerted us that he was informed by his regional partners of a data breach in BEL’s information system and he sent copies of the files that were leaked as proof.

“Our incident response team immediately confirmed that this was so, confidential employee and customer information was being shared on the dark web, not on the usual website that we were able to access and it was indeed website of this ransom ware operator, Ragnar Locker and again this confirmed our suspicions.”

Mencias said that the leaked file was evidence that the information was gotten from the company’s file servers and its network and actually from individual computers assigned to employees.

He said among the information leaked was information on customer application form 10, 800 individual customer application form which contained identification information, social security information, “and some transaction details but no credit card number of bank number or anything like that.”

Mencias said the company has since taken steps to provide further security measures, insisting that data such as credit card information was not leaked, because BEL does not store such information on its system.

“We BEL and I as the CEO would like to personally and sincerely apologize to all our customers and employees and all other stakeholders affected by this data breach and any adverse outcome that may arise out of it.

“We will be reaching out and we are reaching out to every individual customer and employee and seller whose data was uploaded unto this dark web and personally apologize and let them know what data was put out there on the dark web.

“They are a group that uses a double extortion technique, they come around and leak about five per cent of the data and tell you listen there is more we can leak, give me something or otherwise I will go another step and leak more data. In this case it seems they leaked all. We take nothing for granted. These are cyber criminal and we are not going to believe a word they say and trust them,” he told the news conference.