Kyocera AVX Components Corporation (KAVX) is grappling with the aftermath of a ransomware attack that has led to a data breach exposing the personal information of 39,111 individuals.
As a subsidiary of the Japanese semiconductor giant Kyocera and a significant American manufacturer of advanced electronic components, KAVX detected the cyber incident on October 10, 2023. The breach, which occurred between February 16 and March 30, 2023, affected servers in South Carolina, resulting in the encryption of a limited number of systems and temporary disruption of certain services.
In the notification to affected individuals, KAVX revealed that the compromised servers contained global personal information, including at least full names and Social Security Numbers (SSNs). While the full extent of the exposed details remains censored, the company is taking proactive measures by covering the costs for a 12-month dark web monitoring and password leak service for all impacted individuals.
The LockBit ransomware gang claimed responsibility for the attack on May 26, 2023, and set a ransom deadline of June 9, 2023. The threat actors not only accessed sensitive data but also leaked component schematics and technical drawings, raising concerns about the potential exposure of proprietary designs and patented information to competitors. KAVX reassures affected individuals that there is no evidence of the stolen data being abused by cybercriminals.
However, the notification emphasizes the associated risks of identity theft and fraud, urging recipients to exercise caution. The incident underscores the persistent and evolving threat landscape posed by ransomware attacks, with threat actors increasingly targeting organizations not only for financial gain but also to compromise sensitive intellectual property. The response from KAVX reflects a commitment to mitigating the potential fallout for affected individuals through comprehensive monitoring services and transparency regarding the nature of the breach.