Americold, a major cold storage and logistics company, confirmed that a data breach in April exposed the personal information of over 129,000 employees and their dependents. The attack, later claimed by the Cactus ransomware group, led to a shutdown of Americold’s IT network to contain and rebuild impacted systems. In a notification sent on December 8, the company informed affected individuals that the attackers stole data, including names, addresses, Social Security numbers, driver’s license details, passport numbers, financial account information, and employment-related health insurance and medical information. The Cactus ransomware group had also claimed responsibility for the attack in July and leaked a 6 GB archive of accounting and finance documents.
Americold’s April 2023 breach prompted the company to shut down its IT network, affecting operations and leading to the rescheduling of shipments. The notification letters sent to affected individuals detailed the nature of the exposed personal information, emphasizing the severity of the incident. Americold, which employs 17,000 people globally and operates numerous temperature-controlled warehouses, had previously faced a cyberattack in November 2020, impacting various systems. The Cactus ransomware group, a relatively new player in the cybercriminal landscape, employs double-extortion tactics, stealing data for leverage in ransom negotiations before encrypting compromised systems.
While Americold did not initially attribute the April 2023 incident to a specific ransomware group, the Cactus ransomware operation later claimed responsibility and leaked sensitive documents. The group plans to release additional information, including human resources, legal, and company audit details, customer documents, and accident reports. The incident underscores the increasing threats faced by companies in the logistics and storage sector, with ransomware groups exploiting vulnerabilities for financial gain and the potential for further data exposure. Americold’s proactive communication with affected individuals and its transparency about the nature of the breach are crucial in mitigating the impact and addressing potential consequences.