CommScope employees say they haven’t heard from executives in more than a week about how the company is responding to a ransomware attack that allowed hackers to steal large amounts of company and employee data from its systems.
The tech giant, which designs and builds network infrastructure products for businesses, hospitals, schools and federal networks, recently admitted it was hit by a ransomware attack on March 27 after some of the company’s stolen files subsequently appeared online.
A ransomware gang known as Vice Society has claimed responsibility for the attack by posting the company’s stolen data to its dark web leak site, which it uses to blackmail victims by threatening to publish internal files as a ransom is not paid.
The stolen data includes large amounts of internal documents, technical drawings, internal company databases, invoices and company expenses. Some data also includes employee personal information.
Several CommScope employees told businessroundups.org that their last communication from executives about the cyberattack was on April 18, saying the company “continued to work quickly to review and validate the data allegedly posted on the dark web. “
“We believe that all employee data involved in this incident may have been inadvertently stored outside of our cloud-based employee information systems,” CommScope general counsel Justin Choi told employees in an email.
An email sent to employees a day earlier said the company said it has “no evidence” to suggest any employee data was involved.
businessroundups.org has seen files containing the personal information of thousands of people who are or were employed by CommScope. The files contain home addresses, social security numbers and bank account information. Some files are dated as they were written by an employee who is no longer with CommScope. Another file contains a list of thousands of former employees, their names, addresses and social security numbers. More recent data includes a folder containing scans of some employees’ unexpired passports and immigration visas, including one of a child.
When reached for comment, CommScope declined to say how many people it has notified of the breach so far.
“CommScope continues to work diligently on its research to review the data at stake. We will work as quickly as possible, but these kinds of data reviews take time and we want to be accurate and complete in our notifications to affected individuals. We will continue to communicate directly with our employees where appropriate, as we have throughout the incident,” said Cheryl Przychodni, a spokesperson for CommScope.
Employees tell businessroundups.org that the ransomware attack caused widespread disruption across the company for several days, including manufacturing plants where the company builds some of its products.
An employee said they saw a ransom note on their work computer that read, “All your files have been encrypted by Vice Society.” The ransom note contains links to Vice Society’s dark web leak site containing the company’s stolen files, and several email addresses used by the gang to negotiate ransoms with victims.
When reached by email, the hacker group told businessroundups.org, “Where did you get this email?”
It is not clear whether CommScope paid a ransom.