After its systems were encrypted and its data stolen in a cyberattack carried out by the Conti ransomware group, the Nokia subsidiary SAC Wireless has now disclosed that it suffered a data breach.
The organization found that Conti ransomware developers had acquired access to their systems, uploaded files to its cloud storage, and then, on June 16, deployed ransomware to encrypt the files on SAC Wireless systems.
SAC Wireless is a fully-owned, independently-operating Nokia organization with its main offices in Chicago, IL.
The company helps its clients to develop, design, build, integrate, optimize and maintain 5G and 4G LTE cell sites and also delivers in-building networks, including small cells and distributed antenna systems.
What Data Was Stolen in the Nokia Subsidiary Data Breach?
After an official investigation carried out with the help of external security specialists, the company discovered that personal information belonging to current and former employees was accessed and stolen during the Conti ransomware attack that occurred on August 13th.
According to the investigation, the stolen sensitive data included:
- name;
- date of birth;
- contact information (such as home and email address, phone number);
- government ID number (such as driver’s license, passport, military ID);
- social security number;
- citizenship status;
- work information (such as title, salary, evaluations);
- medical history;
- health insurance policy information;
- license plate numbers;
- digital signatures;
- certificates of marriage or birth;
- tax return information;
- and dependent/beneficiary names.
The company says that the list contains potential data compromised in the data breach and highlights that it doesn’t mean that every category of personal information noted down was compromised for every individual.
SAC Wireless Takes Measures
To keep this kind of incident from happening again, the Nokia subsidiary has already changed firewall rules, disconnected VPN connections, and activated conditional access geo-location policies to limit non-U.S. access.
It also offered extra employee training, deployed additional network and endpoint monitoring tools, and expanded multi-factor authentication.
It declared it will continue to collaborate with its cyber and forensic specialists in order to fix the issue and to find the best security solutions for its systems. SAC Wireless will also continue to assess and monitor new threats and security flaws on an ongoing basis.
The company announced it hired Experian to offer customers a free 24-month membership to their identity protection services.
When contacted by BleepingComputer to ask about the incident, SAC Wireless declined to say whether the attack involved ransomware or give additional information.
"SAC is aware of an incident, and we are currently investigating the matter. As we continue to assess the incident, we are in contact with relevant parties to recommend that appropriate safeguards and precautions may be taken."
Unlike the US company, the Conti ransomware gang is more than willing to provide information. The threat actor disclosed on its site that it has more than 250 GB of data belonging to SAC and is threatening to publish it if the company fails to pay the ransom.