CannonDesign, a leading U.S. architectural, engineering, and consulting firm, has confirmed a significant data breach linked to an Avos Locker ransomware attack that occurred between January 19 and 25, 2023. The attack involved unauthorized access to CannonDesign’s network, resulting in the exfiltration of sensitive data. Over 13,000 clients have been notified that their personal information, including names, addresses, Social Security numbers, and driver’s license details, may have been compromised.
The breach was discovered on January 25, 2023, but the firm’s investigation into the incident extended until May 3, 2024. Notification letters to affected individuals offer 24-month credit monitoring through Experian to address the risks stemming from the data exposure. Despite the delay in addressing the breach, CannonDesign is taking steps to mitigate potential impacts on its clients.
The stolen data, which includes corporate and client information, has been disseminated across various online platforms. Avos Locker ransomware claimed responsibility for the attack, initially announcing it had stolen 5.7 TB of data. The data has appeared on Dunghill Leaks, hacker forums, and other dark web sites over the past year, raising concerns about the potential misuse of the compromised information.
CannonDesign has indicated that it is unaware of any confirmed misuse of the stolen data, though it has been published online multiple times. The firm’s response highlights the ongoing challenges of managing data security in the face of sophisticated ransomware attacks. This incident underscores the importance of robust cybersecurity measures and timely responses to data breaches to protect sensitive information and mitigate risks to clients.