Kyocera AVX reports that a ransomware attack affected 39,000 people.

Kyocera AVX Components Corporation (KAVX) has issued notifications about a data breach that revealed personal information of 39,111 people after a ransomware attack. [...]

Nov 10, 2023 - 02:17
  Source
 0  67
Kyocera AVX reports that a ransomware attack affected 39,000 people.

Kyocera AVX Components Corporation (KAVX) has issued data breach notifications to 39,111 individuals after falling victim to a ransomware attack that compromised personal information. KAVX, a U.S.-based subsidiary of the Japanese tech conglomerate Kyocera, specializes in the manufacture of sophisticated electronic components and boasts an impressive annual revenue of $1.3 billion.

The breach notification reveals that unauthorized access to KAVX systems occurred between February 16 and March 30, 2023, with the company only becoming aware of the intrusion on October 10, 2023. The cyber incident led to the encryption of select systems and temporarily disrupted specific services at the company's South Carolina facilities in Greenville and Myrtle Beach.

KAVX's subsequent inquiry into the breach confirmed that personal data, including individuals' full names and Social Security Numbers (SSNs), was among the compromised information. While the company indicated that additional data might have been affected, those details were redacted in the sample notice provided.

Despite no current evidence of the misappropriation of the stolen data, KAVX cautions affected parties about the potential risks of identity theft and fraud. As a precautionary measure, the company is offering a complimentary 12-month subscription to dark web monitoring and password leak detection services for those impacted by the breach.

LockBit claimed responsibility

The LockBit ransomware gang claimed to have compromised KAVX on May 26, 2023, when it added the firm to its data leak site.

KAVX on the LockBit extortion portal
KAVX on the LockBit

Cybercriminals have released a selection of the data exfiltrated from KAVX on their ransomware leak site, showcasing various sensitive documents ranging from passport scans and financial records to non-disclosure agreements. The ultimatum given to KAVX by the attackers to meet their ransom demands expired on June 9, 2023.

Among the leaked files were detailed component schematics and intricate technical blueprints, raising concerns that the breach could lead to the disclosure of KAVX's proprietary and potentially patented technological secrets to rival companies.