Response Regarding the Lapsus$ Breach

Since last week, you have undoubtedly seen the Sitel Group® and Sykes names in the news. In full transparency, we are cooperating with law enforcement on this ongoing investigation and are unable to comment publicly on some of the details of the incident.

Published ·March 29, 2022

Reading time·3 min

Since last week, you have undoubtedly seen the Sitel Group® and Sykes names in the news. In full transparency, we are cooperating with law enforcement on this ongoing investigation and are unable to comment publicly on some of the details of the incident. For our valued clients, the discretion we have both ethically and contractually prevents us from commenting on details of this incident as well. 

Sitel Group remains committed to maintaining discretion and respect for the brands we support, protecting our customers’ confidentiality first and foremost.  

For public interest, Sitel Group would like to clarify several points that have been portrayed inaccurately in recent media coverage.  

Background 

In August 2021, Sitel Group acquired Sykes Enterprises, Inc. As a result, legacy Sykes is now part of Sitel Group.  

Late on January 20, 2022, Sitel Group was made aware of a security incident affecting a portion of the legacy Sykes network only. Following this security incident, Sitel Group took swift action to contain the attack and to notify and protect any potentially impacted clients who were serviced by the legacy organization. The next morning, on January 21, 2022, Sitel Group issued client-facing communications to notify customers who were possibly impacted by this incident. 

Also on January 21, the Sitel Group Global Security and Technology team also enlisted a highly experienced, cybersecurity leader to conduct an immediate and comprehensive forensic investigation of the matter. As of the initial identification of the incident, Sitel Group has maintained ongoing and regular communications with the customers who may have been impacted by this incident.  

As a result of the investigation, for which Sitel Group teams made a report available on March 17, 2022, to impacted clients, along with an ongoing assessment of external threats, the Sitel Group Security team believes there is no longer a security risk regarding this incident. 

Even after the completion of the initial investigation, Sitel Group continues to work in partnership with our cybersecurity partner to assess potential security risks to both the Sitel Group infrastructure and to the brands Sitel Group supports around the globe.  

Addressing Certain Reported Inaccuracies 

When Sitel Group was alerted of this incident by a client, investigations were already underway. Sitel Group engaged with its cybersecurity partner at 12:57 a.m. ET on January 21, 2022.  

Several media articles have falsely alleged that a spreadsheet was disclosed that contained compromised passwords and contributed to the security incident. This “spreadsheet” identified in recent news articles simply listed account names from legacy Sykes but did not contain any passwords. The only reference to passwords in the spreadsheet was the date in which passwords were changed per listed account; no passwords were included in this spreadsheet. Such information is inaccurate and misleading and did not contribute to the incident. 

Conclusion 

As stated earlier in this article, Sitel Group is working directly with law enforcement on this ongoing investigation. At this stage, Sitel Group does not intend to release any additional information regarding this security incident to protect the confidentiality of both the investigation and its customers.