French IT services giant Atos said its systems have not been compromised after a ransomware group claimed to have stolen data belonging to the company.
A cybercrime group named Space Bears listed Atos on its Tor-based leak website last week, claiming to have obtained a “company database”.
Shortly after, Atos issued a statement saying that it had been investigating the data breach claims, but its initial analysis had shown “no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date”.
In an updated statement issued on Friday, Atos said the ransomware group’s allegations are “unfounded”, but it did confirm that the cybercriminals may have obtained some data pertaining to the company.
“No infrastructure managed by Atos was breached, no source code accessed, and no Atos IP or Atos proprietary data exposed,” Atos said.
It added, “Atos understands that external third-party infrastructure, unconnected to Atos, has been compromised by the group Space Bears. This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos.”
The exact origin of the data obtained by Space Bears remains unclear, but Atos told SecurityWeek that the data mentioning Atos is either public information or technical data containing no sensitive information.
Based on its website, the Space Bears group has been around since at least the spring of 2024. Its site currently lists over 40 victims. The hackers are threatening to leak the stolen Atos data in less than two days.
This is not the first time Atos has been mentioned on a ransomware group’s website. The notorious gang BlackBasta listed Atos on its leak site in July 2024, claiming to have stolen 710 Gb of data, including personal information and confidential corporate files. Atos does not appear to have addressed those claims.
In 2023, Atos confirmed that the Cl0p ransomware group stole some data from a backup folder associated with a company it had acquired after exploiting a zero-day vulnerability in GoAnywhere MFT software. The GoAnywhere campaign had hit several major organizations.
Related: New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
Related: Cisco Confirms Authenticity of Data After Second Leak
Related: Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website
Related: American Addiction Centers Data Breach Impacts 422,000 People
