Canon Finally Confirms August Attack Exposed Staff Data

Three months after the media reported Canon had 10TB of data stolen, the firm finally confirms staff data has been compromised

Camera maker Canon has finally admitted it has suffered a major ransomware attack, months after it was first reported.

In early August Bleeping Computer reported that Canon had suffered a significant ransomware attack that resulted in 10TB of data being compromised.

The attack reportedly impacted numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications.

Staff data

Now, three months later, Canon has belatedly confirmed, in a public statement to Californian residents, that staff data was compromised in an attack that took place between 20 July and 6 August.

In the statement, Canon also confirmed the scale of the bad news, saying that the data accessed by the attacker included staff names, social security numbers, dates of birth, driver’s license numbers or government-issued ID numbers, the bank account numbers used for direct deposits from Canon, and even their electronic signatures.

A veritable treasure-trove of juicy personal data for online criminals to exploit.

What will trigger stern questions is why it took Canon the best part of three months to publicly admit customer data had been compromised in a ransomware attack.

The firm had reportedly admitted the breach to its staff in an internal memo on 6 August.

“Canon understands the importance of protecting information,” the firm stated. “We are informing current and former employees who were employed by Canon USA Inc. and certain subsidiaries, predecessors, and affiliates from 2005 to 2020 and those employees’ beneficiaries and dependents of an incident that involved some of their information.”

“We identified a security incident involving ransomware on August 4, 2020,” it stated. “We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations. We notified law enforcement and worked to support the investigation. We also implemented additional security measures to further enhance the security of our network.”

Canon said that it had taken three months to complete “a careful review of the file servers on November 2, 2020,” which apparently determined (surprise, surprise) that there “were files that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents.”

“We wanted to notify our current and former employees and their beneficiaries and dependents of this incident and to assure them that we take it seriously,” the firm stated. “As a precaution, we have arranged for them to receive a complimentary membership to Experian’s IdentityWorks℠ credit monitoring service.”

Maze ransomware

Bleeping Computer had obtained a screenshot of the ransom demand back in August, which showed that the Maze ransomware group was responsible.

Shortly after the attack, the hacker group reached out to the news outlet to inform it that they had stolen 10TB of data from Canon.

Maze ransomware has attacked plenty of targets.

In June, Maze ransomware was used to compromise the computer network of Westech International and steal confidential documents.

What made that particular attack so concerning was that Westech is a contractor for the US military and is heavily involved with the American nuclear deterrent as a sub-contractor for Northrop Grumman, providing engineering and maintenance support for the Minuteman III intercontinental ballistic missile (ICBM).