Chilly storage and logistics large Americold has confirmed that over 129,000 workers and their dependents had their private info stolen in an April assault, later claimed by Cactus ransomware.
Americold employs 17,000 individuals worldwide and operates greater than 24 temperature-controlled warehouses throughout North America, Europe, Asia-Pacific, and South America.
The April community breach led to an outage affecting the corporate’s operations after Americold compelled it to close down its IT community to include the breach and “rebuild the impacted programs.”
Americold additionally informed clients through a non-public memo issued after the assault to cancel all inbound deliveries and reschedule outbound shipments, apart from these deemed critically time-sensitive and nearing expiration.
In notification letters despatched on December 8 to 129,611 present and former workers (and dependents) affected by the info breach, the corporate revealed the attackers have been capable of steal some knowledge from its community on April 26.
“Based mostly on the great knowledge evaluation that was carried out and in the end accomplished on November 8, 2023, we have been capable of decide what info was affected and to whom the data associated. Because of this evaluate, it seems that a few of your private info might have been concerned,” the letters learn.
Private info stolen by the attackers features a mixture of identify, tackle, Social Safety quantity, driver’s license/state ID quantity, passport quantity, monetary account info (corresponding to checking account and bank card numbers), and employment-related medical insurance and medical info for every affected particular person.
One other cyberattack hit Americold in November 2020, impacting its operations, telephone programs, electronic mail companies, stock administration, and order success.
Whereas a number of sources informed BleepingComputer on the time that the 2020 breach was a ransomware assault, the corporate has but to substantiate it, and the ransomware group chargeable for the November 2020 assault stays unknown.
April assault claimed by Cactus ransomware
Regardless that the corporate did not join the April 2023 incident to a selected ransomware operation, the Cactus ransomware operation claimed the assault on July 21.
The gang additionally leaked a 6GB archive of accounting and finance paperwork allegedly stolen from Americold’s community, together with non-public and confidential info.
The ransomware group additionally plans to launch human sources, authorized, firm audit info, buyer paperwork, and accident reviews.
Cactus ransomware is a comparatively new operation that surfaced in March this 12 months with double-extortion assaults, first stealing knowledge to make use of as leverage in ransom negotiations after which encrypting compromised programs.
An Americold spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier as we speak.
