Security Experts:

Canon Says Data Stolen in August 2020 Ransomware Attack

Canon, ransomware, Maze, data stolenImaging and optical giant Canon this week revealed that data was stolen in a ransomware attack it fell victim to in early August 2020.

The incident, discovered on August 4, resulted in threat actors having access to Canon’s network between July 20 and August 6.

Leveraging this access, the adversary obtained specific files “that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents,” Canon U.S.A. reveals.

Compromised information, the company says, includes names, along with data such as date of birth, Social Security number, driver's license number, financial account number, government-issued identification number, and electronic signature.

“We wanted to notify our current and former employees and their beneficiaries and dependents of this incident and to assure them that we take it seriously,” Canon notes.

The ransomware family used in this attack was likely Maze, revealed a leaked ransom note that BleepingComputer got hold of in August.

The cybercriminals behind Maze are known for stealing victims’ data in an effort to convince them to pay the ransom, and they even put up a site where data of victims unwilling to pay is made public.

The attack targeting Canon was disclosed to employees within days, a screenshot of an internal message showed. In that message, the company noted that the ransomware attack was unrelated to an outage that affected a portion of long-term storage on image.canon, a cloud service for storing photos and videos.

At the time, Canon said that, while some files stored in the affected long-term storage were lost, no data leak occurred. In an update published on August 7, the company said that no unauthorized access to image.canon was identified.

The Maze ransomware’s operators announced in early November that they closed shop. The group, which claimed to have engaged in ransomware attacks to prove organizations’ poor security practices, is believed to have made millions from its illegal operations.

Related: Pioneers of "Double Extortion" Say Maze Ransomware Project is Over

Related: Maze Ransomware Caused Disruptions at Cognizant

Related: Ransomware Operators Claim They Hacked LG

view counter