Schneider Electric suffers data breach

Threat actor claims to have stolen 40GB of sensitive data from company's internal systems

Schneider Electric, a major player in energy management and automation, has confirmed a security breach affecting one of its internal project execution tracking platforms.

The incident, which occurred over the weekend, involved unauthorised access to sensitive data, including employee and customer information.

A threat actor identified as "Grep" on social media platform X claimed they had successfully breached the company's systems.

"Hey @SchneiderElec how was your week? Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data," the group stated on X.

In another post published on a dark web forum, the threat actor claimed they had stolen 40GB of sensitive data from Schneider Electric's internal systems.

According to BleepingComputer, this data includes information on company projects, user data and employee details.

"This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totally more than 40GB Compressed Data," reads a post to the Hellcat extortion site.

Hackers said they gained access to Schneider Electric's Jira server using exposed credentials. Once inside the system, they allegedly scraped over 400,000 rows of user data, encompassing 75,000 unique email addresses and full names.

Hackers told BleepingComputer that they initially operated under the name "International Contract Agency" (ICA) but rebranded after realising that the acronym ICA was also linked to a known terrorist organisation.

Now operating under the name "Hellcat," the group is currently testing an encryption tool intended for use in extortion-based attacks.

It has demanded a ransom of $125,000 in "baguettes" in exchange for not leaking the stolen data. The hackers have offered a 50% discount on the ransom if Schneider Electric publicly acknowledges the breach within a specified timeframe. This would reduce the demand to $62,500 worth of baguettes.

Schneider Electric has confirmed the security breach.

"Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment," Schneider Electric told BleepingComputer.

The company has assured customers that its products and services remain unaffected.

The company's Global Incident Response team is currently investigating the matter and taking steps to mitigate potential risks.

Schneider Electric produces a wide range of energy and automation products, from household electrical components available in major retail stores to industrial control systems and building automation solutions for enterprises.

The company employs over 150,000 people globally. It reported $28.5 billion in revenue in the first nine months of 2023.

Earlier this year, Schneider Electric acknowledged a cybersecurity incident involving its Sustainability Business division.

The attack, which occurred on 17th January, resulted in the theft of corporate data by the Cactus ransomware gang.

The attack disrupted the company's Resource Advisor cloud platform, which provides consulting services to enterprise organisations.

Last year, the firm was affected by the widespread MOVEit data theft attacks, which compromised data for over 2,700 organisations.