Enterprise Resource Planning (ERP) system eViridis has reportedly suffered a significant data breach, potentially impacting its clients as well. A Threat Actor (TA) has claimed responsibility for the eViridis data breach, stating they have compromised and exfiltrated the company's entire data set, including email logs and client information. eViridis is owned and operated by US-based investment and advisory services firm, Aveniras LLC. The TA is allegedly selling the stolen database on the dark web, with prices starting at US $500.

Details of eViridis Data Breach 

eViridis was established in the year 2010 to develop business-to-business software solutions for the emerging aftermarket electronics industry, including aftermarket resale, part harvesting, and electronics recycling. The company offers consulting services to assist recyclers and corporations. On its website, the company states, “For more than 10 years eViridis has been helping some of the largest Manufacturing, Media, Financial Services and Healthcare companies in the world transform labor intensive, manual ways of working into streamlined digital processes and workflows.” [caption id="attachment_80273" align="alignnone" width="1790"] Source: eViridis website[/caption] According to the company's profile on the internet, there are around 200 employees in the firm which has a revenue worth $31.1 million. eViridis data breach was allegedly executed by threat actor, who is operating under the alias “jewwu”. In his post on dark web marketplace BreachForums, the TA shared that the stolen data impacts not just the company but also its clients. The TA apparently compromised email logs, client data, and other company information. The bad actor also shared a few screenshots to support the assertions of data breach. This includes data like user login id and passwords, server login credentials, documents like count of assets, audit evaluation results and load acknowledgment report. The screenshots of the alleged data breach also contained data of eViridis clients such as evTerra Recycling, Jabil and Estrella TV. [caption id="attachment_80274" align="alignnone" width="2087"] Source: X[/caption] Explaining further details of the data breach, the TA wrote, “The full size of this breach is around 2.1TB. Granted I only have about 61GB of this archived, I still have access to the other 1.61TB of information but I currently do not have the space to download it all, so there is a chance I may lose access once this thread gains traction. 61GB is definitely safe and available though.” The bad actor was willing to negotiate and sell the stolen data for USD $500 and up. [caption id="attachment_80275" align="alignnone" width="1047"] Source: X[/caption]

Potential Impact of eViridis Data Breach

If proven, the potential consequences of this data breach could be critical as the sensitive data including financial details of the firm as well as the clients could be leaked. The organizations should take appropriate measures to protect the privacy and security of the stakeholders involved. Financial data breaches can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company’s standing in the industry. Currently, details regarding the extent of the data breach, data compromise, and the motive behind the cyber assault remain undisclosed. Despite the claims made by the threat actor, the official websites of the targeted companies remain fully functional. This discrepancy has raised doubts about the authenticity of the bad actor’s assertion. To ascertain the veracity of the claims, The Cyber Express has reached out to eViridis and its parent company Aveniras LLC. As of writing this news report, no response has been received, leaving the data breach claims unverified. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.