CDW, a multibillion-dollar technology services firm, is currently investigating claims of a data breach by a ransomware gang. A spokesperson for the company reported that this issue is associated with servers dedicated to the internal support of Sirius Federal, a U.S. subsidiary of CDW-G.
These servers are isolated from CDW’s primary network and are non-customer-facing. Suspicious activity related to these servers was detected, prompting CDW to initiate an investigation with internal and external cybersecurity experts, as well as contact appropriate government authorities.
Despite this isolated incident, CDW reported no operational issues or evidence of attacks on other CDW systems. The LockBit ransomware gang had claimed to have stolen data from CDW and demanded an $80 million ransom, although they reportedly received a much lower counteroffer.
CDW acknowledged that data purportedly taken from their environment had been made available on the dark web and committed to reviewing the data to take appropriate action, including notifying affected individuals.
Cybersecurity expert Jon DiMaggio, who had previously infiltrated the LockBit group, expressed concerns about the leaked data, suggesting it contained sensitive information such as employee badges, audits, commission payout data, and other account-related details.
At $80 million, the ransom demand would be one of the highest ever publicly aired. The LockBit gang is known for operating with near impunity, consistently launching cyberattacks on various targets, including a major hospital network, a city in France, and a government-run electrical organization in Montreal within the past month. Last week, they also targeted a school district in Virginia.