After suffering a cyberattack back in August, Canon has finally publicly confirmed that the attack was caused by ransomware (opens in new tab) and the cybercriminals responsible stole data from its company servers.
The camera manufacturer's IT department issued a notice to staff on August 5 explaining that the company was suffering “widespread system issues affecting multiple applications, Teams (opens in new tab), email and other systems”, but did not offer further explanation.
Canon then conducted an investigation into the incident and found evidence of unauthorized activity on its network between July 20 and August 6. According to the company, the attackers had managed to access its file servers which also hosted “information about current and former employees from 2005 to 2020 and their beneficiaries and dependents”.
- We've put together a list of the best antivirus (opens in new tab) software on the market
- Keep your devices virus free with the best malware removal (opens in new tab) software
- Also check out our roundup of the best endpoint protection (opens in new tab) software
Based on a partial screenshot of the ransom note obtained by BleepingComputer (opens in new tab), it was clear that the Maze ransomware group (opens in new tab) was responsible. Then shortly after the attack, the group reached out to the news outlet to inform them that they had stolen 10TBs of data from Canon.
Stolen employee data
In a recent notice of data security incident (opens in new tab), Canon confirmed that data accessed by the cybercriminals behind the August cyberattack included the names, Social Security numbers, dates of birth, driver's license numbers, bank account numbers and electronic signatures of its current and former employees.
Although the company is just making this information public now, it did inform its employees of the matter via an internal security notice that was sent out just after the attack on August 6.
The Maze ransomware group is responsible for a number of cyberattacks against large organizations including LG, Xerox, Allied Universal, Southwire, City of Pensacola and Canon. However, earlier this month on November 1, the group formally shut down (opens in new tab) its operations which had began about a year and a half earlier in May of 2019.
Current and former Canon employees affected by the incident can reach out to Equifax, Experian and TransUnion as they are all providing identity theft protection (opens in new tab) services for victims of the cyberattack.
- We've also highlighted the best ransomware protection (opens in new tab)
Via BleepingComputer (opens in new tab)
