RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack.
On December 27th, RRD filed a Form 8-K with the SEC disclosing that they suffered a “systems intrusion in its technical environment” that led to the shut down of their network to prevent the attack’s spread.
The shut down of IT systems led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks, and motor vehicle documentation.
While RRD initially said they were not aware of any client data stolen during the attack, on January 15th, the Conti ransomware gang claimed responsibility and began leaking 2.5GB of data allegedly stolen from RRD.
However, a source told BleepingComputer that Conti soon removed the data from public view after RRD began further negotiations to prevent the release of data.