US manufacturing company Parker-Hannifin Corporation has announced a data breach exposing employees’ personal identifiable information (PII) after Conti ransomware actors published reportedly stolen data last month.
The firm, one of the largest companies in the world in motion control technologies, revealed in a press release that an unauthorized third party gained access to its IT systems between the dates of March 11 and March 14 2022.
An investigation conducted by the company determined that the unauthorized party accessed and likely acquired certain files on its IT systems, which included information related to current and former employees, their dependents and members of Parker’s Group Health Plans (including health plans sponsored by an entity acquired by Parker). This information may have included individuals’ names in combination with one or more of the following: Social Security numbers, dates of birth, addresses, driver’s license numbers, US passport numbers, financial account information (bank account and routing numbers), online account usernames/passwords, enrollment information (including health insurance plan member ID numbers) and dates of coverage.
The investigation also revealed that files also included dates of service, provider names, claims information and medical and clinical treatment information.
After learning of the data breach, Parker’s IT team began incident response protocols, including shutting down specific systems. Parker then launched an investigation with a forensic investigation firm and other third-party cybersecurity and incident response professionals. Parker is also working with law enforcement authorities.
On May 12, 2022, Parker began mailing letters to individuals whose information may have been involved in the incident. In an abundance of caution, Parker has arranged for all notified individuals to receive a complimentary two-year membership in Experian’s® IdentityWorksSM,” it revealed in the press release.
The company said it’s taking steps to safeguard its systems and data against the evolving threats to company information and regrets any inconvenience or concern this incident may cause.
The Conti gang, which has links to the Russian state, is known for targeting critical national infrastructure and government systems. The gang recently claimed responsibility for a series of recent cyber-attacks on Costa-Rican government systems. It is believed to be extorting the Costa Rica government for millions after rendering IT systems across several ministries and threatening to publish stolen data online.