Chilly storage and logistics large Americold has confirmed that over 129,000 workers and their dependents had their private info stolen in an April assault, later claimed by Cactus ransomware.
Americold employs 17,000 individuals worldwide and operates greater than 24 temperature-controlled warehouses throughout North America, Europe, Asia-Pacific, and South America.
The April community breach led to an outage affecting the corporate’s operations after Americold pressured it to close down its IT community to comprise the breach and “rebuild the impacted techniques.”
Americold additionally instructed clients by way of a personal memo issued after the assault to cancel all inbound deliveries and reschedule outbound shipments, aside from these deemed critically time-sensitive and nearing expiration.
In notification letters despatched on December 8 to 129,611 present and former workers (and dependents) affected by the data breach, the corporate revealed the attackers had been capable of steal some information from its community on April 26.
“Based mostly on the great information evaluation that was carried out and in the end accomplished on November 8, 2023, we had been capable of decide what info was affected and to whom the data associated. On account of this overview, it seems that a few of your private info might have been concerned,” the letters learn.
Private info stolen by the attackers features a mixture of title, tackle, Social Safety quantity, driver’s license/state ID quantity, passport quantity, monetary account info (reminiscent of checking account and bank card numbers), and employment-related medical health insurance and medical info for every affected particular person.
One other cyberattack hit Americold in November 2020, impacting its operations, cellphone techniques, electronic mail providers, stock administration, and order success.
Whereas a number of sources instructed BleepingComputer on the time that the 2020 breach was a ransomware assault, the corporate has but to verify it, and the ransomware group chargeable for the November 2020 assault stays unknown.
April assault claimed by Cactus ransomware
Regardless that the corporate did not join the April 2023 incident to a particular ransomware operation, the Cactus ransomware operation claimed the assault on July 21.
The gang additionally leaked a 6GB archive of accounting and finance paperwork allegedly stolen from Americold’s community, together with personal and confidential info.
The ransomware group additionally plans to launch human sources, authorized, firm audit info, buyer paperwork, and accident stories.
Cactus ransomware is a comparatively new operation that surfaced in March this yr with double-extortion assaults, first stealing information to make use of as leverage in ransom negotiations after which encrypting compromised techniques.
An Americold spokesperson was not instantly out there for remark when contacted by BleepingComputer earlier right now.
