On September 6, 2024, Creative Playthings experienced a significant security incident when users of their Virtual Machine (VM) environment were unable to access email and other business systems. According to the company’s IT support vendor, the system had been compromised by a type of malware known as PLAY. In response, the vendor deleted all files from the compromised server to eliminate the malware. Although the company’s vendor is working to restore the virtual machines from a backup, they are unable to determine what actions the attackers took before the deletion.
Creative Playthings discovered that sensitive employee data, including social security numbers stored in Excel spreadsheets, could have been accessed during the breach. The company had these files on a company drive with restricted access, intended only for authorized users such as human resources. Since the breach involved ransomware, and the attackers’ communication was automated, Creative Playthings opted not to engage with the attackers, hoping that no further actions would be taken by the criminals.
Although the company cannot guarantee that the attackers will not take additional steps, they are notifying current and former employees who worked at Massachusetts locations within the past two years. As a precaution, Creative Playthings is offering 24 months of complimentary credit monitoring services to potentially affected individuals. This free service is provided through Aura, a company specializing in identity protection.
To ensure employees can sign up for the credit monitoring service, Creative Playthings has set up a process where affected individuals can contact customer support via email or phone. Those who wish to enroll must do so before November 1, 2024, and will receive a unique code for signing up for Aura’s identity protection service. This proactive measure is intended to help mitigate any potential risks from the breach and provide support to affected employees.
Reference:
