The cybercriminal group ShinyHunters has issued a ransom demand to ZenBusiness, threatening to leak stolen internal company data if payment is not received by March 25.

Key points

• ShinyHunters set a March 25 deadline for ZenBusiness to pay a ransom or face the public release of stolen internal files.
• The threat actors reportedly gained access to company systems by using vishing techniques to trick employees into granting remote device access.
• ZenBusiness, a US-based platform supporting small business formation, joins a list of recent victims including Infinite Campus, Telus, and Crunchyroll.
• Security researchers warn that the breach could expose sensitive customer and employee personally identifiable information (PII).

This incident highlights the growing success of vishing attacks in compromising corporate platforms and underscores the significant data security risks facing small business service providers. A potential leak could damage the company's competitive standing and compromise the private information of its extensive user base.