Rhysida Ransomware Group Auctions Data Stolen from London Talent Agency

The Rhysida ransomware group, known for its attack on the British Library in 2023, has claimed responsibility for a cyberattack on a London talent agency. The agency, established in 1995 and representing notable figures in film, television, and theater, has reported the incident to the UK's Information Commissioner's Office (ICO). Rhysida is reportedly auctioning the stolen data for 7 Bitcoins, equivalent to $678,035. The group has already published a sample of the stolen data, including passport scans and internal documents, on its data leak site. The auction is scheduled to conclude on Thursday morning, potentially coinciding with a deadline for the agency to meet the extortion demands. The ICO has confirmed receipt of the report from the agency and is currently investigating the matter. While reporting to the ICO does not automatically indicate a data breach punishable by law, it suggests the incident could potentially impact the rights and freedoms of data subjects. Cybersecurity experts advise organizations to patch vulnerabilities, especially in VPNs, and enable multi-factor authentication to mitigate the risk of such attacks.