Schneider Electric, a global leader in energy management and automation solutions, recently confirmed it was targeted by the Hellcat ransomware group, resulting in a significant data breach. The attack, which occurred between November 2 and 3, exploited vulnerabilities within Schneider Electric’s internal Jira system, leading to the theft of around 40GB of data, including employee and customer information, project details, and possibly sensitive source code.
What Happened in the Schneider Electric Breach
The Hellcat group, which claimed responsibility through a member known as “Grep,” gained access to Schneider Electric’s Jira issue-tracking system, commonly used for project management and internal communications. According to reports, the breach leveraged exposed credentials, allowing the attackers to utilize the MiniOrange REST API to exfiltrate data. The attackers managed to access over 400,000 rows of data, which included around 75,000 unique email addresses and associated user names, alongside internal communications and project specifics.
Following the attack, Hellcat demanded a ransom of $125,000, humorously requesting payment in “baguettes.” The group indicated that if Schneider Electric acknowledged the breach within 48 hours, they would reduce the ransom by half. Failure to meet the demand, the group warned, would lead to the public release of the stolen data. Schneider Electric has since acknowledged the breach, confirming it is actively investigating the incident with its Global Incident Response team. The company emphasized that its products and services remain unaffected by this breach and that enhanced security measures are under consideration.
Schneider Electric’s Cybersecurity and Growing Concerns of the Industry
This incident marks Schneider Electric’s third major cybersecurity breach within the past year, raising serious concerns over data protection, particularly given the company’s role in critical infrastructure. The breach not only exposes user privacy risks but also poses potential threats to industrial and corporate espionage, especially in sectors where Schneider Electric plays a pivotal role.