Canon confirms ransomware attack in August exposed employees' personal data

Hackers accessed names, Social Security numbers, and bank account details of current and former employees

Camera maker Canon has finally accepted that it was hit by a ransomware attack in August, in which sensitive data was stolen from its servers.

In a data security incident notice issued last week, Canon revealed that a security incident involving ransomware was identified on 4^th August 2020. The company's security team took steps to address the incident and to restore normal operations.

Law-enforcement agencies were notified and an investigation initiated to identify the culprits. The company also engaged a cyber security firm to support the investigation.

The investigation revealed that the attackers responsible for the attack were able to illegally access the company's network between 20th July 2020 and 6th August 2020. The unauthorised access enabled hackers to steal some information about company's current and former employees from 2005 to 2020, as well as their beneficiaries and dependents.

The data compromised included names, dates of birth, Social Security numbers, drivers license numbers, bank account details and electronic signatures.

This cyber incident was first disclosed by Bleeping Computer in August, which claimed the company's IT department issued a notice to staff on 5th August explaining that they were trying to address "widespread system issues affecting multiple applications, Teams, email and other systems".

The news outlet also claimed that the Maze ransomware group was behind the attack, and was able to steal 10TB of data from the company's servers.

The cybercriminals behind Maze have made headlines in the last year for encrypting computers at a large number of organisations across the world. The group threatens to leak confidential information of organisations that refuse to pay ransom to the group.

In January, Maze operators threatened to release data stolen from several victims who had refused to pay the ransom. The group listed the names of nearly 25 victims on its website, including Busch's Inc., Southwire, BST & Co., MDL, RBC, Lakeland Community College, Bakerwotring, Vernay, Groupe Igrec, BILTON, THEONE, Fratelli Beretta, Groupe Europe Handling, Mitch Co International, Auteuil Tour Eiffel and Randalegal.

The group shut down its operations earlier this month, according to media reports.

Canon says it has informed all affected employees about the cyber security incident and has also arranged for them to receive a free subscription to Experian's credit monitoring service that helps to help identify the possible misuse of compromised information.

"[I]t is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorised activity," the company said.

"If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General's office in your state."

"You should also contact your local law enforcement authorities and file a police report."