Multinational sportswear maker Puma surfaces as one of the victims in a ransomware attack against Kronos, a cloud-based HR management company.
Data breach notification submitted on February 3 by the Ultimate Kronos Group (UKG) says that threat actors took Puma's employee's personal information from the cloud system operated by Kronos.
Last December, Kronos reported it was hit by a ransomware attack that prevented UKG clients from accessing staff management and payroll processing services. The severity of the attack meant employees in the US were left without paychecks for weeks following the attack.
"While our investigation of this matter is ongoing, we have determined that a malicious actor or actors accessed the cloud-based environment earlier in 2021, stole data from that environment, and encrypted the environment," reads data breach notice by Kronos.
The company claims that a review of the impacted environments confirmed that cybercriminals stole personal information. UKG claims to have informed Puma about the incident.
"On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022," reads the breach notice.
A different data breach notification on the incident indicates that the breach affected 6,632 persons. According to the notice, threat actors acquired personal identifiers of Puma employees, including their social security numbers.
Cyberattacks are increasing in scale, sophistication, and scope. The last 18 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
The prevalence of ransomware has forced governments to take multilateral action against the threat. It's likely a combined effort allowed to push the infamous REvil and BlackMatter cartels offline and arrest the Cl0p ransomware cartel members.
Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.
More from CyberNews:
Subscribe to our newsletter