Johnson Controls says ransomware attack cost $27 million, data stolen

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.

As first reported by BleepingComputer, Johnson Controls suffered a ransomware attack in September after the firm’s Asia offices were initially breached, and the attackers spread throughout their network.

The Dark Angels ransomware gang was behind the attack and claimed to have stolen over 27 TB of confidential data from Johnson Controls.

In a quarterly report filed with the U.S. Securities and Exchange Commission yesterday, Johnson Controls confirmed that the cyberattack they suffered on September 23, 2023, was a ransomware attack that resulted in the theft of data.

“The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure,” confirmed Johnson Controls.

Johnson Controls expects this cost to rise in the coming months as they continue to determine what data was stolen and work with external cybersecurity forensics and remediation experts.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.