After suffering a cyberattack back in August, Canon has finally publicly confirmed that the attack was caused by ransomware and the cybercriminals responsible stole data from its company servers.
The camera manufacturer’s IT department issued a notice to staff on August 5 explaining that the company was suffering “widespread system issues affecting multiple applications, Teams, email and other systems”, but did not offer further explanation.
Canon then conducted an investigation into the incident and found evidence of unauthorized activity on its network between July 20 and August 6. According to the company, the attackers had managed to access its file servers which also hosted “information about current and former employees from 2005 to 2020 and their beneficiaries and dependents”.
Based on a partial screenshot of the ransom note obtained by BleepingComputer, it was clear that the Maze ransomware group was responsible. Then shortly after the attack, the group reached out to the news outlet to inform them that they had stolen 10TBs of data from Canon.
Stolen employee data
In a recent notice of data security incident, Canon confirmed that data accessed by the cybercriminals behind the August cyberattack included the names, Social Security numbers, dates of birth, driver’s license numbers, bank account numbers and electronic signatures of its current and former employees.
Although the company is just making this information public now, it did inform its employees of the matter via an internal security notice that was sent out just after the attack on August 6.
The Maze ransomware group is responsible for a number of cyberattacks against large organizations including LG, Xerox, Allied Universal, Southwire, City of Pensacola and Canon. However, earlier this month on November 1, the group formally shut down its operations which had began about a year and a half earlier in May of 2019.
Current and former Canon employees affected by the incident can reach out to Equifax, Experian and TransUnion as they are all providing identity theft protection services for victims of the cyberattack.