Trove of data hacked from Chattanooga Chamber may be for sale online

Staff file Photo / Attendees enjoy lunch during the Chattanooga Area Chamber of Commerce's annual meeting in 2016.

A transparency activist shared information online Saturday indicating a massive trove of data stolen from the Chattanooga Area Chamber of Commerce is up for sale.

Emma Best, founder of nonprofit whistleblower group Distributed Denial of Secrets, tweeted Saturday morning that a ransomware firm had claimed 77 gigabytes of information allegedly taken from the chamber in the Dec. 9 hack.

The screenshot Best posted showed the hackers advertised the information as including "sample of signatures, signed internal documents, W-9, lists of employees, budget data, investor lists with phones and email, financial documents, payroll data, lots of W-2 (2016-2020), accounting files, audits, banking, payroll information, passwords "

The chamber can only say that a forensic investigation of the hack is ongoing, said Sybil Topel, vice president for marketing and communications. She added that the chamber does not store the financial or payment information of its members.

Reached via the secure messaging app Signal, Best provided a link to the posting of the information on a ransomware blog, but also cautioned that it's difficult to know how accurate the posting is.

"Presumably it's real but it's just a claim without proof right now," they said.

Best's work, and the work of Distributed Denial of Secrets, has been recognized by publications including Business Insider and The Washington Post.

Chamber officials alerted members Dec. 13 that the organization's technology systems had been hacked Dec. 9, potentially compromising the emails and passwords of thousands of accounts. The chamber has 1,800 to 2,000 business members, Topel said at the time.

"At this time, we are concerned that member emails and passwords may have been compromised, in addition to publicly available information such as business name and address," the chamber wrote in a message to members on the evening of Dec. 13. "Since it is common to reuse passwords for multiple applications, we recommend that you change critical passwords and update your online security measures for other websites and programs as a precaution."

Fred Cobb, the executive vice president and chief information security officer for InfoSystems, said the volume of information the hackers claim to have stolen is "a tremendous amount of data, but what's most important is not the amount but the type of data."

A simple document would be small, but could contain a great deal of sensitive information, he said.

Attacks on technology systems are epidemic, and it's difficult to truly recover information that has been accessed, he said.

"Once it's out there, it's out there," he said.

Contact Mary Fortune at mfortune@timesfreepress.com. Follow her on Twitter at @maryfortune.