Top architectural firm reveals it was hit by major ransomware attack

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)

American architectural powerhouse CannonDesign has begun notifying customers of a ransomware and data breach incident that happened a year and a half ago.

In a notice published on the company’s website, CannonDesign detailed when the attack happened, what type of data was stolen, and what it was doing to protect its customers.

The unnamed crooks took “a combination of certain individuals’ names, contact information, Social Security or Social Insurance numbers, driver’s license/state identification numbers, passport numbers, and dates of birth,” CannonDesign explained.

Missing key details

As seen in the notice, the attack happened “on or about” January 25, 2023, when the company spotted “suspicious activity” on its computer network. It promptly isolated the affected network, and started analyzing the incident. This review was concluded in early May 2024, after which the company took another three months before it started notifying the affected individuals.

While it did not name the threat actors behind the attack, BleepingComputer says it was told that this was the work of the Avos Locker gang. In early February last year, Avos announced hitting CannonDesign and stealing 5.7TB of sensitive data, including corporate and client files. The ransom negotiations broke down, leading to a separate threat actor, Dunghill Leaks, leaking 2TB of the archives online later in September.

This data allegedly included database dumps, project schematics, hiring documents, client details, marketing material, IT and infrastructure details, and quality assurance reports, the publication reported. It has since started circulating around the dark web, and re-emerged on multiple occasions.

Cannon said it presently has “no evidence” the information was used to commit identity theft or fraud, but it will be providing 24-month credit monitoring through Experian, regardless. It might be a little late for that, since the data was stolen a year and a half ago, and could be, in many regards, already outdated.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.