Cold storage giant Americold discloses data breach after April malware attack


Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.

Americold employs 17,000 people worldwide and operates more than 24 temperature-controlled warehouses across North America, Europe, Asia-Pacific, and South America.

The April network breach led to an outage affecting the company's operations after it forced Americold to shut down its IT network to contain the breach and "rebuild the impacted systems."

Americold also told customers via a private memo issued after the attack to cancel all inbound deliveries and reschedule outbound shipments, except for those deemed critically time-sensitive and nearing expiration.

In notification letters sent on December 8 to 129,611 current and former employees (and dependents) affected by the data breach, the company revealed the attackers were able to steal some data from its network on April 26.

"Based on the comprehensive data review that was performed and ultimately completed on November 8, 2023, we were able to determine what information was affected and to whom the information related. As a result of this review, it appears that some of your personal information may have been involved," the letters read.

Personal information stolen by the attackers includes a combination of name, address, Social Security number, driver's license/state ID number, passport number, financial account information (such as bank account and credit card numbers), and employment-related health insurance and medical information for each affected individual.

Another cyberattack hit Americold in November 2020, impacting its operations, phone systems, email services, inventory management, and order fulfillment.

While multiple sources told BleepingComputer at the time that the 2020 breach was a ransomware attack, the company has yet to confirm it, and the ransomware group responsible for the November 2020 attack remains unknown.

April attack claimed by Cactus ransomware

Even though the company didn't link the April 2023 incident to a specific ransomware operation, the Cactus ransomware operation claimed the attack on July 21.

Cactus Americold leak page (BleepingComputer)

The gang also leaked a 6GB archive of accounting and finance documents allegedly stolen from Americold's network, including private and confidential information.

The ransomware group also plans to release human resources, legal, company audit information, customer documents, and accident reports.

Cactus ransomware is a relatively new operation that surfaced in March this year with double-extortion attacks, first stealing data to use as leverage in ransom negotiations and then encrypting compromised systems.

An Americold spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.