Schneider Electric acknowledges data breach, 40GB of corporate data allegedly stolen
French multinational company Schneider Electric confirms that a threat actor was able to gain access to the company’s network and steal sensitive corporate data.
“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” the company says in a statement to Recorded Future News.
A spokesperson acknowledges that the company’s Global Incident Response Team has been mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.
Last Saturday, a ransomware group called HellCat claimed responsibility for the recent cybersecurity incident.
“We have successfully breached Schneider Electric’s infrastructure, accessing their Atlassian Jira system. This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data,” the hacking group says on their leak site.
Schneider Electric is one of the world’s leading companies in energy management and digital automation. The company has over 153,000 employees and had an annual revenue of approximately €36 billion last year.
The company is now at risk of exposing sensitive customer and operational information, HellCat says.
“To secure the deletion of this data and prevent its public release, we require a payment of $125,000 in baguettes. Failure to meet this demand will result in the dissemination of the compromised information. Stating this breach will decrease the ransom by 50%, it’s your choice Olivier,” the group states.
‘Olivier’ is a reference to Olivier Blum, the CEO of Schneider Electric.
BleepingComputer spoke to one of HellCat’s members, a threat actor called ‘Grep’. He claims to have used a MiniOrange REST API to scrape 400,000 rows of user data, which included 75,000 full names and unique email addresses for Schneider Electric employees and customers.
In addition, the hacker says he recently formed a new hacking group, International Contract Agency (ICA), which is named after the Hitman: Codename 47 game. Grep says his group doesn’t extort the companies they breach. Instead, it will leak all exfiltrated data if a company doesn’t acknowledge the breach within 48 hours.
HellCat is a ransomware operation that emerged last week and about which little is known. According to the FBI, the group has conducted more than 30 ransomware attacks this year.
This isn’t the first time Schneider Electric has had to deal with hackers. Last January, the company’s Sustainability Business division suffered a ransomware attack. Ransomware group Cactus allegedly stole terabytes of sensitive information about customers’ power utilization, industrial control and automation systems, and compliance with environmental and energy regulations.
The attack was restricted to one division and did not impact other parts of the company.