Canon Confirms August Ransomware Attack: Troves of Employees’ Personal Information Were Stolen
Canon has published a notice that confirms a ransomware attack on its servers that took place between July 20 and August 6, 2020. The company notes that the attack targeted a server containing a significant amount of its employees’ personal information.
Initial reports of the ransomware attack claimed that over 10 terabytes of data were stolen and leaked internal emails at the time confirmed a massive attack. Canon states that it became aware of the ransomware on August 4 and “immediately began to investigate” the situation. The company brought on a cybersecurity firm and worked with law enforcement to support the investigation.
As part of the notice, Canon stated that the server that was targeted housed a significant amount of its employees’ personal information, including Social Security number, driver’s license number or government-issued identification number, financial account number provided to Canon for direct deposit, electronic signature, and date of birth.
Employees affected encompassed anyone who works or has worked for Canon from 2005 through 2020.
Canon says that it has implemented additional security measure to further enhance the security of its network and also, “as a precaution,” arranged for all those who could have been affected by the breach to receive membership to Experian’s IdentityWorks credit monitoring service to help detect possible misuse of any of that stolen information.
It should be noted that Experian has itself suffered from data breaches in the past.
While the breach does not appear to have resulted in any customer information being compromised, that is likely of little consolation to the thousands of Canon employees who have worked at the company since 2005.
Canon’s full statement on the attack can be read here.