Architecture firm CannonDesign yesterday confirmed it notified 13,049 people of a January 2023 data breach that compromised names, Social Security numbers, addresses, and driver’s license numbers.
“We determined that an unauthorized third party gained access to certain parts of our network between January 19, 2023 and January 25, 2023,” the notice states.
Ransomware group AvosLocker claimed responsibility for the attack shortly after it occurred, saying it stole 5.7 TB of data including “corporate and client files”.
Then, in September 2023, another ransomware group called Dunghill Leak claimed it stole 2 TB of data from CannonDesign, including files related to projects, hiring, clients, marketing, and IT infrastructure.
CannonDesign has not verified either group’s claim. We do not yet know whether CannonDesign paid a ransom, how much the ransomware groups demanded, how attackers breached the company’s network, or why it took more than 18 months to notify victims. Comparitech contacted CannonDesign for comment and will update this article if it responds.
CannonDesign is offering victims 24 months of free credit monitoring through Experian. The enrollment deadline is November 29, 2024.
Who are AvosLocker and Dunghill Leak?
AvosLocker and Dunghill Leak are both ransomware gangs that launch attacks on organizations, crippling targets’ IT systems and stealing data.
Comparitech researchers tracked 36 confirmed ransomware attacks claimed by AvosLocker from July 2021 to April 2023, affecting 1.05 million records. It mainly targeted US healthcare and education, including Avamere Health Services (380,984 records), Jax Spine and Pain Centers (262,000 records), and Emmanuel College (89,064 records). The attack on CannonDesign occurred before AvosLocker went dark in April 2023.
Dunghill Leak began operating last year and claimed six confirmed ransomware attacks since then, according to our data. Its biggest attack was on Sysco Corporation, which affected 126,243 people.
Ransomware attacks on the US service industry
Aside from data theft, ransomware attacks on companies can disrupt operations from delivery to payroll by encrypting computer systems until a ransom is paid to decrypt them. Ransomware gangs often extort victims twice: once to restore systems, and again in exchange for not selling or publicly releasing stolen data.
In 2023, Comparitech logged 56 ransomware attacks on the US service industry, affecting 849,615 records. In 2024 so far, we recorded 22 such attacks, impacting 218,085 records. The average ransom for this industry is $524,000.
About CannonDesign
The Cannon Corporation, which does business as CannonDesign, is an architecture, design, and engineering firm based in Arlington, Virginia. Its projects include hospitals, commercial buildings, schools, hotels, sports facilities, and research buildings. It employs about 1,400 people according to external sources.