Cyberattack on OmniVision: how the digital invasion turned out for the mobile photography giant

Father

Employee passports, contracts, and NDAs – the company won't be able to forget this incident for a long time.

OmniVision, a well-known manufacturer of image sensors that are now used to operate cameras in a variety of smartphones around the world, has announced a data security breach following a ransomware attack. Headquartered in California, the company employed a total of 2,200 people in 2023 and generated $1.4 billion in annual revenue.

Last week, OmniVision notified California authorities of a security breach that occurred from September 4 to September 30, 2023, when the company's systems were encrypted with the Cactus ransomware.

"On September 30, 2023, OVT became aware of a security incident that led to the encryption of some of the company's systems by a third party," the notice says.

"In response to this incident, a comprehensive review involving third-party cybersecurity experts was immediately launched, and law enforcement agencies were notified. The audit found that an unauthorized person gained access to some personal information in the company's systems during the period from September 4 to September 30, 2023," OmniVision representatives said.

The investigation of the incident was completed only on April 3, 2024. It turned out that the attackers stole the company's confidential data. At the same time, the notification does not specify exactly what data was stolen, and the number of affected persons is also unknown.

However, according to the Cactus group, which published its own notice on its website on October 17, 2023, samples of the following data were stolen:
  • Scanned copies of employees' passports;
  • Non-Disclosure Agreements (NDAs);
  • Partner contracts;
  • Other confidential documents.

In the end, the attackers posted all the stolen data in a ZIP archive for free download. Notably, at the time this article was published, references to OmniVision had been removed from the Cactus ransomware page on the darknet.

The Cactus ransomware group itself appeared about a year ago, exploiting vulnerabilities in VPN devices to access corporate networks. They have previously attacked large companies such as Americold and Schneider Electric.

In response to the security incident and data leak, OmniVision has taken steps to secure its environment and detect suspicious activity more quickly. The company also offers 24-month credit monitoring and identity recovery services for employees affected by the attack.
 