On August 1, 2022, Semikron reported a possible data breach stemming from what appears to be a ransomware attack. While the company’s investigation is still ongoing and the exact information that was leaked as a result of the incident has not yet been determined, the German Federal Office for Information Security reports that the ransomware attackers are threatening to leak up to 2 TB of data to the dark web. On August 4, 2022, Semikron posted an update on the company’s website, promising to notify all affected parties when its investigation concludes.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Semikron data breach, please see our recent piece on the topic here.
What We Know About the Recent Semikron Ransomware Attack
According to two notices posted on the Semikron website, on August 1, 2022, Semikron learned that it was the victim of a “cyber-attack by a professional hacker group.” Evidently, the hackers told Semikron management that certain data was stolen from the company’s computer system. Initially, Semikron could not validate the hackers’ claims; however, the company noted that portions of its computer network were encrypted.
In response, Semikron notified law enforcement and began working with a cybersecurity firm to investigate the incident and determine whether any consumer data was leaked as a result. The company’s investigation is ongoing, and in an August 4, 2022 press release, the company noted that “We do not have any definite information about data leaks at this moment.” Semikron also explained that, as soon as the company determines the scope of the breach, it will notify any parties whose information was affected.
Semikron is a German manufacturing company that designs and manufactures semiconductor parts. Semikron was founded in 1951 and is currently based in Nuremberg, Germany. The company has manufacturing sites across the world, including in Germany, Brazil, China, France, India, Italy, Slovakia and the United States. Semikron employs more than 3,000 people and generates approximately $423 million in annual revenue.
The Semikron Cyberattack Illustrates the New Trend in Ransomware Attacks
To the company’s credit, Semikron has seemingly done everything it can to keep consumers and other interested parties apprised of the recent ransomware attack. This is important for potential victims as it gives them an opportunity to protect themselves in the event a hacker obtained their personal or sensitive information. However, it is also essential that potential victims understand what is at stake.
Hackers and cybercriminals have always used ransomware attacks to make money off of victims. However, it used to be that the main incentive for paying a ransom was to regain access to an encrypted device or computer network. Essentially, hackers could keep a victim company locked out of its system indefinitely unless and until it paid the ransom. However, more recently, hackers have started to use additional incentives, namely threatening to publish stolen information to the dark web if a company does not pay a ransom.
For companies, data breaches pose a major PR concern because no company wants to be seen as playing fast and loose with consumers’ private information. Thus, the threat of publishing data to the dark web—which guarantees it can be accessed by criminals—presents a very real concern for corporations.
However, perhaps the better approach to avoiding both social and financial liability that may follow in the wake of a ransomware attack is to take a proactive approach to prevent these attacks in the first place. Companies are in the best position to do this by employing robust data security systems and ensuring all employees are properly trained about the risks of phishing and other cyber threats.
