"OmniVision Says Personal Information Stolen in Ransomware Attack"

Semiconductor manufacturing giant OmniVision Technologies has recently disclosed a data breach following a ransomware attack it suffered in September 2023. The company said that the incident was discovered on September 30, 2023, after certain systems were encrypted by malware. The investigation was completed on April 3, 2024, and it was determined that, between September 4 and September 30, the attackers stole personal information from certain OmniVision systems. While the company did not mention who was behind the attack, the Cactus ransomware group claimed responsibility for the incident by adding OmniVision to its leak site in October 2023. Cactus claimed the theft of roughly 3.5 terabytes of data from the semiconductor manufacturer, and made the data available for download in December, likely as the result of a failed extortion attempt. OmniVision Technologies did not disclose what type of personal information was stolen during the attack, but the data leaked by Cactus, if real, included confidential documents, non-disclosure agreements, other business documents, and passport scans.

SecurityWeek reports: "OmniVision Says Personal Information Stolen in Ransomware Attack"