Canadian snowmobile, motorcycle, and ATV manufacturer Bombardier Recreational Products has been hit by a ransomware attack earlier this month, which has since been claimed by the RansomEXX ransomware group, reports BleepingComputer.
All BRP operations have been temporarily disrupted by the "malicious cyberactivity" first reported by the company on Aug. 8 but production at four manufacturing sites in Canada, the U.S., Austria, and Finland resumed a week later.
Threat actors behind the attack were able to infiltrate the company's internal systems through a supply chain attack, according to BRP.
Meanwhile, BRP has been listed on the leak site of the RansomEXX ransomware gang on Tuesday, with the ransomware group also leaking 29.9 GB of stolen files, including non-disclosure agreements, material supply deals, contract renewals, passports, and IDs.
BRP has already confirmed the legitimacy of the exposed documents and noted that employees who may have been affected were already notified.
"Based on the current status of its investigation, BRP also believes that the compromised information relating to certain of its suppliers is limited in quantity and sensitivity, and is in the process of contacting them," added the company.
California's Tahoma County may have had its employees', service recipients', and affiliates' personally identifiable information compromised following a data breach of systems belonging to its Department of Social Services, which was identified on April 9 but was found to have occurred from Nov. 18, 2021 to April 9, 2022, according to SecurityWeek.