CommScope, a network infrastructure company based in North Carolina with more than 30,000 global employees, has suffered a data breach and leak following an apparent ransomware attack last month.
Hackers from the Vice Society ransomware operation managed to access CommScope's network and exfiltrate data backups from the company's intranet and customer portal.
According to TechCrunch, the stolen data include internal documents, invoices, and technical drawings, as well as personally identifiable information (PII) of thousands of employees—including names, email addresses, mailing addresses, personal phone numbers, Social Security numbers, bank account information, and scans of passports and visa documentation.
The trove of data was discovered April 14th on the Dark Web leak site of Vice Society, available for sale, an indication that ransom demands may not have been met by CommScope.
Cheryl Przychodni, Corporate Communications Lead for CommScope, said the company detected "unauthorized access to a portion of our IT infrastructure that we determined was the result of a ransomware incident" on March 27th, the TechCrunch article noted. "Upon discovery, we immediately launched a forensic investigation with the assistance of a leading cybersecurity firm and reported the matter to law enforcement," Przychodni said.
The company declined to say whether it had communicated with the Vice Society perpetrators.
Most of the files were in Spanish, according to SiliconAngle, "suggesting that the ransomware attack occurred in a Spanish-speaking country. One document found was a copy of a letter from the Office of the Director General of Education in Mexico. CommScope has multiple locations in Mexico."
[RELATED: Hackers Release Los Angeles School District Data]
The Vice Society ransomware gang first began making waves in 2022 with attacks on several high-profile targets, including the San Francisco rapid transit system and Los Angeles Unified School District. Research from cybersecurity vendor Trend Micro indicates the group's initial focus was the healthcare and education sectors which later moved to include the manufacturing industry.