Hackers released thousands of CommScope employees’ bank account and Social Security numbers.
The Vice Society ransomware gang’s dark web leak site mentioned the North Carolina-based network infrastructure provider, which serves hospitals, schools, and federal institutions.
The listing links to company data stolen. When cash ransom demands fail, ransomware criminals disclose stolen data.
TechCrunch examined internal records, invoices, and technical drawings. The trove includes full names, postal addresses, email addresses, personal numbers, Social Security numbers, and bank account information for thousands of CommScope employees. Employee passports and visas are in another leaked folder.
Hackers stole MyCommScope client portal and intranet backups from the company’s network. Unencrypted data included CommScope customer and employee email addresses.
The number of affected employees is unknown. CommScope employs over 30,000 worldwide.
TechCrunch reported that CommScope found “unauthorized access to a portion of our IT infrastructure that we determined was the result of a ransomware incident” on March 27.
Przychodni said, “Upon discovery, we immediately launched a forensic investigation with the assistance of a leading cybersecurity firm and reported the matter to law enforcement.” The company is investigating Vice Society’s claims that it published company data.
“We are working with our third-party experts to validate those claims and understand the nature of the information at issue as a top priority,” she said. “We are quickly reviewing any affected data.”
CommScope did not respond to our concerns about the exposed employee data or whether it alerted affected employees.
Przychodni noted that CommScope has seen no evidence that customer information was accessed during the incident, but he declined to clarify if the business has the means—like server logs—to establish what data was taken from its systems.
CommScope did not disclose how its networks were accessed or whether the Vice Society hackers contacted it.
In 2022, Vice Society ransomware gang cyberattacks against healthcare and education grabbed headlines. One of the greatest breaches saw hackers post 500GB of stolen sensitive data from the Los Angeles Unified School District (LAUSD), including psychological assessments and other student data.
Trend Micro claimed Vice Society will likely remain a “significant player” in the ransomware environment after targeting manufacturing.