Content, Breach

PCM Breach: Hackers Gain Microsoft Office 365 Credentials at IT Solutions Provider

Hackers breached IT solutions provider PCM Inc. and stole Microsoft Office 365 administrative credentials for client accounts, according to Krebs on Security. It's the latest in a growing list of cyberattacks that specifically target channel partners, MSPs (managed IT service providers) and solutions providers.

PCM apparently discovered the breach in May 2019 -- about a month before Insight Enterprises announced plans to acquire PCM for $581 million. It's unclear if the breach was discovered as part of the due diligence M&A (merger and acquisition) process.

In a statement to KrebsOnSecurity, PCM said the company:

“recently experienced a cyber incident that impacted certain of its systems.

581 milFrom its investigation, impact to its systems was limited and the matter has been remediated. The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers. To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had.”

The breach allegedly involved the same hacker group that attacked WiPro. Research about that attack and other related breaches surfaced earlier this week from RiskIQ.

Breaches: MSPs, IT Solutions Providers, IT Consultants Under Attack

The IT channel and service provider markets are beginning to resemble war zones, as hackers carpet bomb the industries with all types of attacks. In many cases, the attackers use service providers to island hop across supply chains and infiltrate end-customer systems.

The fallout so far includes:

Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.