Puma suffers data breach caused by Kronos ransomware attack

(Image credit: Future)

The impact of last year's Kronos ransomware attack is still being felt, with sports equipment company Puma now confirming it has suffered a related breach.

As reported by Bleeping Computer, Kronos filed a breach notification with several attorney generals’ offices earlier this month, which states that the attackers took data on Puma employees and their dependents from the Kronos Private Cloud (KPC).

"Since the attack was discovered, Kronos has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition," said a letter delivered to affected Puma employees last week.

Puma employees under attack

In the filing provided to the Office of the Maine Attorney General, Kronos said that a total of 6,632 individuals have had their data stolen, including Social Security numbers.

To mitigate the effects of the data breach, Kronos has offered the affected individuals a care package that includes two years of free Experian IdentityWorks membership (credit card monitoring, identity restoration, and identity theft insurance).

Commenting on the news, Puma's Senior Head of Communications, Kerstin Neuber, said that no Puma customer data was impacted.

> Christmas bonuses could be delayed after HR and payroll giant Kronos hit by ransomware attack

> Moncler confirms ransomware attack and data breach

> Here's why tape could be your best shot at defeating ransomware

Before encrypting all of the data on the target network, ransomware operators usually download as much of it as possible. That way, they can threaten to release the data online if the victim declines to pay the ransom or attempts to restore its systems from backup.

Not only do data leaks mean competitors might edge ahead, but they also mean data watchdogs and other government organizations may come crashing down, demanding heads roll for the breach of privacy.

Nonetheless, many firms choose not to cave in to ransom demands, with a view to disincentivizing future attacks. There is also no guarantee the threat actor will return the stolen data as promised.

You might also want to check out our list of the best endpoint protection software right now

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.