CommScope employees left in the dark after ransomware attack
CommScope employees say they haven't heard from executives in over a week about how the company is responding to a ransomware attack, which allowed hackers to steal reams of corporate and employee data from its systems.
The technology giant, which designs and builds network infrastructure products for companies, hospitals, schools and federal networks, recently admitted it was hit by a ransomware attack on March 27 after some of the company's stolen files subsequently appeared online.
A ransomware gang known as Vice Society claimed responsibility for the attack by posting the company's stolen data to its dark web leak site, which it uses to extort victims by threatening to publish internal files if a ransom demand isn't paid.
The stolen data contains troves of internal documents, technical drawings, internal corporate databases, invoices and corporate spending. Some of the data also includes employees' personal information.
Several CommScope employees told TechCrunch that their last communication from executives about the cyberattack was on April 18, saying the company was "continuing to work expeditiously to review and validate the data asserted to have been posted on the dark web."
"We believe any employee data involved in this incident would have been inadvertently stored outside our cloud-based human resources information systems," CommScope general counsel Justin Choi told employees in an email.
An email sent to employees a day earlier said the company said it does "not have evidence" to suggest employee data was involved.
TechCrunch has seen files containing personal data of thousands of people who are, or once were, employed by CommScope. The files include home addresses, Social Security numbers and bank account information. Some of the files are dated, given they were authored by an employee who no longer works at CommScope. Another file contains a list of thousands of former employees, their names, addresses and Social Security numbers. More recent data includes a folder containing scans of some employee's unexpired passports and immigration visas, including one belonging to a child.
When reached for comment, CommScope declined to say how many people it has notified about the breach so far.
"CommScope continues to work expeditiously on its investigation to review the affected data. We’re moving as quickly as possible, however, these types of data reviews take time and we want to be accurate and complete in our notifications to affected individuals. We continue to maintain direct communication with our employees, as appropriate, as we have throughout the entirety of this incident," said Cheryl Przychodni, a spokesperson for CommScope.
Employees tell TechCrunch that the ransomware attack caused several days of widespread disruption across the company, including plant production, where the company builds some of its products.
One employee said they saw a ransom note on their work computer, which read: "All of your files have been encrypted by Vice Society." The ransom note includes links to Vice Society's dark web leak site containing the company's stolen files, and several email addresses used by the gang for negotiating a ransom with victims.
When reached by email, the hacker group told TechCrunch: "Where did you get this mail?”
It's not clear if CommScope paid a ransom.