American automotive equipment maker Snap-on has disclosed a data breach that exposed associate and franchisee data, after the Conti ransomware gang began leaking the company’s data in March. Snap-on had taken down all of its systems after detecting suspicious activity on its network.
Snap-on is a major manufacturer of transportation-related products, software, and diagnostic services, under brands such as Mitchell1, Blackhawk, Blue-Point, Norbar, and Williams.
“In early March, Snap-on detected unusual activity in some areas of its information technology environment. We quickly took down our network connections as part of our defense protocols, particularly appropriate given heightened warnings from various agencies,” a notice on the Snap-on website reads. “We launched a comprehensive analysis assisted by a leading external forensics firm, identified the event as a security incident, and notified law enforcement of the incursion.”
After investigating, Snap-on determined that threat actors had stolen personal data belonging to employees between March 1st and March 3rd, 2022. According to a data breach notification filed with the California Attorney General’s office, Snap-on believes the incident affected associate and franchisee data, including names, dates of birth, Social Security numbers, and employee identification numbers. Snap-on is offering affected individuals a free one-year subscription to the IDX identity theft protection service.
While Snap-on’s breach announcement gave little detail on the incident, an anonymous report in early March revealed that Mitchell1, a Snap-on subsidiary, was suffering an outage caused by a ransomware attack. Mitchell1 initially tweeted about the outage, but the messages were quickly deleted from Twitter and Facebook. Another source later indicated that the actual target of the cyberattack was Mitchell1’s parent company, Snap-on.
Soon after, threat intelligence analyst Ido Cohen found that the Conti ransomware group had claimed responsibility for the Snap-on attack and had begun leaking nearly 1 GB of data allegedly stolen during the intrusion. The Conti gang quickly removed the Snap-on entry from its data leak site, and it has not reappeared since; prominent security analysts interpret this as a sign that Snap-on paid a ransom to prevent the stolen data from being published.
Snap-on has not yet responded to a request for confirmation on whether the disclosed breach is connected to the alleged Conti ransomware attack.