TV advertising sales giant affected by ransomware attack

A television advertising sales and technology company jointly owned by the three largest U.S. cable operators was hit with a ransomware attack in recent weeks that affected operations.

Ampersand — owned by Comcast Corporation, Charter Communications and Cox Communications — provides viewership data to advertisers about 85 million households and has existed since 1981. Last weekend, the Black Basta ransomware gang claimed to have attacked the company, according to cybersecurity researcher Dominic Alvieri.

In a statement to Recorded Future News, the company confirmed it had dealt with a ransomware incident but declined to say when the attack occurred or whether a ransom would be paid.

“Ampersand recently experienced a ransomware incident that briefly interrupted regular operations. We have restored a majority of normal business operations and are working with third-party advisors and law enforcement to address this issue,” a spokesperson said.

“This process will take time to complete, and we are committed to a thorough analysis. We regret any concern or inconvenience this incident may have caused.”

Black Basta did not say how much data was stolen from the company and has yet to publish any samples of information.

Black Basta posts Ampersand TV, co owned by Comcast, Charter & Cox Communications.@comcast @CoxComm @CharterNewsroom pic.twitter.com/lOabMDOI2r

— Dominic Alvieri (@AlvieriD) October 16, 2023

Ampersand collects troves of information on TV viewership across more than 165 networks and helps companies tailor their advertisements to specific audiences. The company was originally founded as a one-stop-shop for advertisers to buy cable programming in local TV markets.

After its founding in 1981, it rebranded as National Cable Advertising in 1988 following a partnership with the three biggest cable companies in the U.S. It now serves as the backbone of the $6 billion local television advertising business.

All three of the companies that own Ampersand have faced their cybersecurity incidents in recent years.

In 2021, Cox was attacked by ransomware actors based in Iran while Charter saw the personal information of 550,000 customers leaked in a third-party breach in January. In December, thousands of Comcast customers reported having their accounts hacked.

Dozens of TV-related businesses have faced attacks across the world, with channels in Portugal, Russia, Ireland, Slovenia, the U.S., Australia, Iran and https://therecord.media/lockbit-takes-credit-kvie-pbs-ransomware dealing with incidents. Last week, one of the biggest TV channels in Spain was forced off the air for several hours after a cyberattack.

Black Basta has been one of the most high-profile ransomware gangs currently operating, taking credit for brazen attacks on the American Dental Association, German wind farm operator Deutsche Windtechnik, British outsourcing company Capita, Swiss tech giant ABB and German arms company Rheinmetall.

The gang leaked information from the Raleigh Housing Authority in North Carolina two months ago.

Cybersecurity researchers tied the long-running cybercrime cartel known as FIN7 to the Black Basta ransomware operation in a report published late last year.