Americold, a major cold storage and logistics company, has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack.
The attack, later claimed by the Cactus ransomware group, resulted in the theft of a significant amount of data, including names, addresses, Social Security numbers, driver’s licenses, financial information, and health insurance information.
Table of Contents
Americold Data Breach
The data breach, which occurred on April 26, 2023, led to an outage affecting Americold’s operations. The company was forced to shut down its IT network to contain the breach and “rebuild the impacted systems.”
This disruption impacted not only Americold’s internal operations but also its customers, who were asked to cancel inbound deliveries and reschedule outbound shipments except for those deemed critically time-sensitive.
Americold Discloses Breach After April Malware Attack
On December 8, 2023, Americold notified the 129,611 affected individuals about the data breach.
The notification letters stated that “some data from its network” was stolen on April 26th and that the company had completed a comprehensive data analysis to determine what information was affected and to whom it belonged.
The company, which operates 250 temperature-controlled warehouses worldwide, revealed the incident in a breach report to regulators in Maine on December 8, 2023.
This incident marks the second time in recent years that Americold has been hit by a cyberattack. In November 2020, the company experienced another attack that impacted its operations, phone systems, email services, inventory management, and order fulfillment.
While the company has not confirmed it, several sources believe this attack was a ransomware attack.
Cactus Ransomware Claims Responsibility for April Attack
While Americold did not initially link the April 2023 incident to a specific ransomware group, the Cactus ransomware operation took credit for the attack on July 21st.
The group released a 6GB archive of stolen data, including accounting and finance documents, private and confidential information, and human resources, legal, and company audit information. They have also threatened to release customer documents and accident reports.
Cactus ransomware is a relatively new operation that emerged in March 2023. They employ a double-extortion tactic, first stealing data to use as leverage in ransom negotiations and then encrypting compromised systems.
Investigations
The law firm of Federman & Sherwood has initiated an investigation into Americold Logistics, with respect to their recent data breach.
Contact for more information: Lacrista A. Bagley, FEDERMAN & SHERWOOD, (405) 235-1560
In the wake of this attack, Americold must take steps to rebuild trust with its employees and customers. They must also address the underlying security vulnerabilities that allowed this breach to occur.
Additionally, this incident highlights the need for stricter regulations on ransomware attacks. Governments need to take action to make it more difficult for ransomware groups to operate and to hold them accountable for their actions.