As a response to this post, Tipalti reached out to us and asked us to post the following statement:
> Tipalti takes the security of our systems and data very seriously and has strong security protocols and tools in place. The Tipalti cybersecurity team and third-party forensic experts have been continually investigating this threat and_ have found no evidence of any breach or data leak of Tipalti or Tipalti customer data._
Accounting software provider Tipalti says it is investigating a claim by ransomware group ALPHV that they have gained access to Tipalti's systems.
Tipalti makes software for accounting and payment automation and has some big names among its customers. In what seems to be a typical supply chain attack, ALPHV aka BlackCat are now threatening some Tipalti customers, including Roblox and Twitch:
> “We are systematically reaching out to affected clients of Tipalti, the first batch (consisting of organizations with the most data exfiltrated), have been sent communications requesting initial contact.”
Organizations who share these file lists, samples or notes with Tipalti run the risk of having their data leaked immediately.
The ransomware group claim to have had access since September 8, 2023. Since then, they say they have stolen 265 GB of data, including data for Twitch and Roblox, who they say they will extort separately.
Screenshot of the ALPHV leak site
A Roblox spokesperson told BleepingComputer that the company is working with Tipalti to investigate the claims, but is currently unaware of any impact on its systems. The spokesperson stated they haven’t been contacted by anyone about the security incident, to which ALPHV responded on their leak site:
> “Re: statement by Roblox to BleepingComputer. Just because you haven't been contacted yet, does not mean you are not affected.”
ALPHV is one of the most active ransomware-as-a-service (RaaS) operators and regularly appears in our monthly ransomware reviews as one of the top 5 most active groups. Recently they made headlines when one of their affiliates, known as Scattered Spider attacked MGM. They also last week filed a SEC complaint about one of their victims for failing to disclose a breach.
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.