OmniVision Confirms Ransomware Attack: Personal Data Compromised

OmniVision, a renowned manufacturer of image sensors utilized in numerous smartphone cameras worldwide, has announced a data security breach following a ransomware attack. The company’s headquarters are located in California, and in 2023, it employed a total of 2,200 people, with an annual revenue of $1.4 billion.

Last week, OmniVision notified California authorities about the security breach that occurred from September 4 to September 30, 2023, when the company’s systems were encrypted by Cactus ransomware.

“On September 30, 2023, OVT learned of a security incident that resulted in the encryption of some of the company’s systems by an unauthorized party,” the notification stated.

“In response to this incident, a comprehensive investigation was immediately initiated with the involvement of external cybersecurity experts, and law enforcement authorities were notified. The investigation determined that an unauthorized individual gained access to some personal information in the company’s systems between September 4 and September 30, 2023,” OmniVision representatives stated.

The investigation concluded on April 3, 2024. It revealed that the attackers had stolen confidential company data. However, the notification did not specify which data was stolen, nor the number of affected individuals.

Nevertheless, according to the Cactus hacker group, which published its own notice on its website on October 17, 2023, the following data samples were stolen:

  • Scanned copies of employee passports;
  • Non-disclosure agreements (NDAs);
  • Partnership contracts;
  • Other confidential documents.

Ultimately, the attackers released all the stolen data in a ZIP archive for free download. Interestingly, as of the publication of this material, references to OmniVision had been removed from the Cactus group’s darknet page.

The Cactus ransomware group emerged approximately a year ago, exploiting vulnerabilities in VPN devices to access corporate networks. They previously attacked major companies such as Americold and Schneider Electric.

In response to the security incident and data breach, OmniVision has taken measures to secure its environment and enhance the rapid detection of suspicious activity. The company also offers 24-month credit monitoring and identity restoration services to employees affected by the attack.