Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.
As first reported by BleepingComputer, Johnson Controls suffered a ransomware attack in September after the firm’s Asia offices were initially breached, and the attackers spread throughout their network.
The Dark Angels ransomware gang was behind the attack and claimed to have stolen over 27 TB of confidential data from Johnson Controls.
In a quarterly report filed with the U.S. Securities and Exchange Commission yesterday, Johnson Controls confirmed that the cyberattack they suffered on September 23, 2023, was a ransomware attack that resulted in the theft of data.
“The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure,” confirmed Johnson Controls.
Johnson Controls expects this cost to rise in the coming months as they continue to determine what data was stolen and work with external cybersecurity forensics and remediation experts.