November 4, 2024 at 02:24PM
Schneider Electric confirmed a breach of its developer platform, with a threat actor claiming to have stolen 40GB of data from its JIRA server, including 75,000 unique email addresses. The company’s Global Incident Response team is investigating, and its products remain unaffected. The hacker demands $125,000 in “Baguettes” not to leak the data.
### Meeting Notes Takeaways:
1. **Incident Confirmation**:
– Schneider Electric has confirmed a breach of its developer platform, specifically affecting the JIRA server.
2. **Threat Actor Details**:
– The group behind the breach is identified as “Grep,” which claims to have stolen 40GB of data, including sensitive user information.
3. **Data Compromised**:
– The breach includes 400,000 rows of user data, with 75,000 unique email addresses belonging to Schneider Electric employees and customers. Key elements such as projects, issues, and plugins were also compromised.
4. **Response Actions**:
– Schneider Electric’s Global Incident Response team has been mobilized to investigate and mitigate the incident. They assured that their products and services remain unaffected.
5. **Threat Actor’s Demands**:
– Grep has humorously demanded $125,000 in “Baguettes” to refrain from leaking the data and has stated that if Schneider Electric does not acknowledge the breach within 48 hours, they will leak the stolen data.
6. **New Hacking Group**:
– Grep mentioned forming a new hacking group named International Contract Agency (ICA), which does not engage in extortion but will leak data if companies do not acknowledge breaches.
7. **Previous Incident**:
– This is not Schneider Electric’s first incident, as their “Sustainability Business” division suffered a Cactus ransomware attack earlier this year, resulting in the theft of terabytes of data.
8. **Next Steps**:
– It remains to be seen how Schneider Electric will respond to the threat of data leakage and whether any further action will be taken by the hacker group.