After three months of investigation, Canon has now officially confirmed that it was attacked by Maze ransomware. The threat actor has accessed and stolen files worth 10TB, which contained PII of its employees from 2005 to 2020. During the attack, one of the company’s cloud storage service was hacked, causing initial suspicion.
Maze Ransomware Hacked Canon
Canon is one of the finest players in the imaging field. The US wing of the company was attacked by a ransomware group in August this year and had been investigating the incident since then. While it didn’t specially mention a ransomware attack then, the Maze group claimed the attack through its site.
This began when users of Canon started complaining about the (image.canon) service. It’s a cloud platform from Canon to let users store their photos and videos upto 10TB. Many have reported losing data, which led Canon to investigate the matter.
In an internal memo to its employees, Canon noted this incident as “extensive system issues,” which also affected “multiple applications – Teams and email among them, unavailable.”
While it didn’t specifically mention any ransomware attack, BleepingComputer reported the perpetrator to be Maze group.
And after three months, Canon has officially admitted the ransomware attack, where it said that about 10TB worth of data was stolen from its network servers.
The data includes “employees’ names, Social Security number, date of birth, the number for the driver’s license number or government-issued ID, the bank account number for direct deposits from Canon, and their electronic signature.”
It should also be noted that the data belonged to both current and former employees, along with their beneficiaries and dependents. While the Maze group confirmed to have stolen the 10TB data from Canon as its operation, it denied attacking the image.Canon site.