Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Canon Says Data Stolen in August 2020 Ransomware Attack

Imaging and optical giant Canon this week revealed that data was stolen in a ransomware attack it fell victim to in early August 2020.

Imaging and optical giant Canon this week revealed that data was stolen in a ransomware attack it fell victim to in early August 2020.

The incident, discovered on August 4, resulted in threat actors having access to Canon’s network between July 20 and August 6.

Leveraging this access, the adversary obtained specific files “that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents,” Canon U.S.A. reveals.

Compromised information, the company says, includes names, along with data such as date of birth, Social Security number, driver’s license number, financial account number, government-issued identification number, and electronic signature.

“We wanted to notify our current and former employees and their beneficiaries and dependents of this incident and to assure them that we take it seriously,” Canon notes.

The ransomware family used in this attack was likely Maze, revealed a leaked ransom note that BleepingComputer got hold of in August.

The cybercriminals behind Maze are known for stealing victims’ data in an effort to convince them to pay the ransom, and they even put up a site where data of victims unwilling to pay is made public.

The attack targeting Canon was disclosed to employees within days, a screenshot of an internal message showed. In that message, the company noted that the ransomware attack was unrelated to an outage that affected a portion of long-term storage on image.canon, a cloud service for storing photos and videos.

Advertisement. Scroll to continue reading.

At the time, Canon said that, while some files stored in the affected long-term storage were lost, no data leak occurred. In an update published on August 7, the company said that no unauthorized access to image.canon was identified.

The Maze ransomware’s operators announced in early November that they closed shop. The group, which claimed to have engaged in ransomware attacks to prove organizations’ poor security practices, is believed to have made millions from its illegal operations.

Related: Pioneers of “Double Extortion” Say Maze Ransomware Project is Over

Related: Maze Ransomware Caused Disruptions at Cognizant

Related: Ransomware Operators Claim They Hacked LG

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.