Snap-on reveals data breach claimed by Conti ransomware gang


US auto tool maker Snap-on announced a data breach that exposed employee and franchisee data after the Conti ransomware gang began leaking the company’s data in March.

Snap-on is a leading manufacturer and designer of tools, software and diagnostic services used by the transportation industry through several brands, including Mitchell1, Norbar, Blue-Point, Blackhawk and Williams.

Yesterday, Snap-on disclosed a data breach after discovering suspicious activity in their network, forcing them to shut down all of their systems.

“In early March, Snap-on discovered unusual activity in some parts of its information technology environment. We quickly cut our network connections as part of our defense protocols, especially fitting given heightened alerts from several agencies,” reads a message on the Snap-on website.

“We launched a comprehensive analysis, assisted by a leading third-party forensics firm, identified the event as a security incident and notified law enforcement of the raid.”

After conducting an investigation, Snap-on discovered that threat actors had stolen personal data from employees between March 1 and March 3, 2022.

“We believe the incident involved employee and franchisee data, including information such as: names, Social Security numbers, birthdates and employee identification numbers,” reveals a Snap-on data breach notification filed with the office of the California Attorney General.

Snap-on offers those affected a free one-year subscription to the IDX identity theft protection service.

Conti claimed an attack on Snap-on

While Snap-on’s report of a data breach didn’t shed much light on the attack, BleepingComputer received an anonymous tip in early March that said one of Snap-on’s subsidiaries, Mitchell1, was experiencing an outage caused by a ransomware attack.

Mitchell1 had initially tweeted about the outage, but quickly deleted the posts from Twitter and Facebook.

Mitchell1 tweet about the outage (since deleted)

Customer tweet about deleted tweets

However, another source told BleepingComputer that it was not Mitchell1 that was the victim of an attack, but its parent company, Snap-on.

Shortly after, threat intelligence researcher Ido Cohen spotted that the Conti ransomware gang claimed to have attacked Snap-on and had started leaking nearly 1 GB of documents allegedly stolen during the attack.

Ensar tweet

The Conti gang quickly removed the leaked data, and Snap-on stopped appearing on their data leak site, leading security researchers to tell BleepingComputer that they believe Snap-on paid a ransom so the data would not be leaked.

BleepingComputer has reached out to Snap-on to confirm whether the disclosed data breach is related to the alleged Conti ransomware attack, and we’ll update this story if we hear anything.

Who is Conti Ransomware?

Conti is a ransomware operation carried out by a Russian hacking group known for other malware infections, such as Ryuk, TrickBot and BazarLoader.

Conti often breaches a network after corporate devices are infected with the BazarLoader or TrickBot malware, which provides remote access to the hacking group.

Once they gain access to an internal system, they spread through the network, steal data and deploy the ransomware.

The Conti gang recently suffered their own data breach after they sided with Russia over the invasion of Ukraine, leading a Ukrainian researcher to publish nearly 170,000 internal chat messages between Conti ransomware gang members, as well as the Conti ransomware source code.

Conti siding with Russia in the invasion of Ukraine
Source: BleepingComputer

Conti is known for past attacks on high-profile organizations including Ireland’s Health Service Executive (HSE) and Department of Health (DoH), the City of Tulsa, Broward County Public Schools and Advantech.

Due to the ongoing activity of the cybercrime gang, the US government has issued an advisory on Conti ransomware attacks.
