Enzo Biochem’s $4.5M Ransomware Fallout: A Comedy of Cybersecurity Errors

Enzo Biochem must fork over $4.5 million to three state attorneys general after a 2023 ransomware attack compromised data of 2.4 million people. The New York-based biotech biz was found guilty of various cybersecurity malpractices. New York, New Jersey, and Connecticut will split the penalty with New York getting the lion’s share.

Hot Take:

Enzo Biochem’s cybersecurity practices were so outdated, they might as well have been using stone tablets and chisels. No wonder they got hacked! But hey, at least they’ve got a shiny new security plan now. Better late than never, right?

Key Points:

  • Enzo Biochem hit with a $4.5 million penalty due to a 2023 ransomware attack.
  • Investigation revealed poor credential hygiene and lack of multi-factor authentication (MFA).
  • Data of over 2.4 million people compromised, with New York residents being the majority.
  • Enzo failed to encrypt all sensitive data and relied on manual network monitoring.
  • Post-attack, Enzo implemented a 15-point security improvement plan, including Zero Trust.

The Nimble Nerd