American architectural powerhouse CannonDesign has begun notifying its clients about a ransomware incident and data breach that occurred a year and a half ago.
In a notice posted on the company's website, CannonDesign detailed when the attack occurred, what type of data was stolen and what it was doing to protect its customers.
The anonymous criminals took “a combination of certain individuals’ names, contact information, Social Security numbers, driver’s license/state ID numbers, passport numbers and birth dates,” CannonDesign explained.
Key details missing
As seen in the notice, the attack occurred “on or about” January 25, 2023, when the company detected “suspicious activity” on its computer network. It quickly isolated the affected network and began analyzing the incident. This review was concluded in early May 2024, after which it took another three months for the company to begin notifying affected individuals.
While it did not name the threat actors behind the attack, Computer beeping He says he was told this was the work of the Avos Locker gang. In early February last year, Avos announced it had attacked CannonDesign and stolen 5.7TB of sensitive data, including corporate and client files. Negotiations for the ransom failed, leading to an independent threat actor, Dunghill Leaks, leaking 2TB of the files online in late September.
According to the publication, this data allegedly included database dumps, project schematics, contracting documents, client details, marketing material, IT and infrastructure details, and quality control reports. It has since begun circulating on the dark web and has resurfaced on multiple occasions.
Cannon said he currently has “no evidence” that the information was used to commit identity theft or fraud, but he will still provide 24 months of credit monitoring through Experian. It may be a little late for that, as the data was stolen a year and a half ago and may be, in many ways, already out of date.
Through Computer beeping
