Nokia subsidiary SAC Wireless has disclosed a data breach following a ransomware attack in which Conti operators breached its network, stole data and encrypted systems. SAC Wireless helps customers design, build and upgrade cellular networks including 5G, 4G LTE, small cell and FirstNet.
The company discovered that its network had been breached by Conti ransomware operators on June 16, after they deployed their payload and encrypted SAC Wireless systems.
The Nokia subsidiary found that personal information relating to current and former employees was also stolen during the ransomware attack on August 13, after a forensic investigation conducted with the help of external cyber security experts.
According to the investigation, the stolen sensitive data included:
- Date of birth.
- Contact information.
- Government ID number.
- Social security number.
- Citizenship status.
- Work information.
- Medical history.
- Health insurance policy information.
- License plate numbers.
- Digital signatures.
- Certificates of marriage or birth.
- Tax return information.
- Dependent/beneficiary names.
In response to the ransomware attack, SAC has taken several measures to prevent future breaches, including:
- Modified firewall rules,
- Disconnected VPN connections,
- Activated conditional access geo-location policies to limit non-US access,
- Provided additional employee training,
- Deployed additional network and endpoint monitoring tools,
- Extended MFA,
- Deployed additional threat hunting and endpoint detection and response equipment.
While the company declined to acknowledge the ransomware attack and did not provide further details about the extent of the damage, the Conti ransomware gang revealed on its leak site that it stole more than 250 GB of data.