Top architecture firm reveals it has been hit by major ransomware attack
American architecture firm CannonDesign has started informing clients about a ransomware and data breach incident that occurred a year and a half ago.
CannonDesign detailed in a post on the company’s website when the attack occurred, what kind of data was stolen, and what the company is doing to protect its customers.
The anonymous crooks took “a combination of specific individuals’ names, contact information, social security numbers, driver’s license/state identification numbers, passport numbers, and dates of birth,” CannonDesign explained.
Missing key details
As noted in the notice, the attack occurred “on or about” January 25, 2023, when the company noticed “suspicious activity” on its computer network. It immediately isolated the affected network and began analyzing the incident. This review was completed in early May 2024, with the company taking another three months to notify affected individuals.
While the names of the threat actors behind the attack were not mentioned, BleepingComputer says it was told this was the work of the Avos Locker gang. In early February last year, Avos announced that it had attacked CannonDesign and stolen 5.7TB of sensitive data, including company and customer files. Ransom negotiations failed, leading to a separate threat actor, Dunghill Leaks, leaking 2TB of archives online later in September.
The data is said to include database dumps, project schedules, hiring documents, client details, marketing materials, IT and infrastructure details, and quality assurance reports, the publication reported. It has since started circulating on the dark web, and has resurfaced multiple times.
Cannon said it currently has “no evidence” that the information has been used to commit identity theft or fraud, but it will offer 24 months of credit monitoring through Experian regardless. It may be a little late for that, given that the data was stolen a year and a half ago and could already be out of date in many ways.
Via BleepingComputer
