em360tech image

Schneider Electric has confirmed that one of their developer platforms has been breached.

The threat actor known as ‘Grep’ claimed to have stolen over 40GB of data from the energy management company.

He addressed the company on X, formally known as Twitter, saying:

‘Hey @SchneiderElec how was your week? Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data >_<’

Grep claimed to have accessed Schneider Electric's server using exposed credentials. He claims to have used MiniOrange REST API to access customers and employees personal data, this includes 75,000 full names and email addresses.

In a post on the dark web site ‘HellCat’, the threat actor stated that the breach compromised ‘critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totally more than 40GB Compressed Data.’

The post goes on to demand $125,000 not to leak the data, offering to reduce this fee by 50% if a statement acknowledging the breach is released.

Interestingly, the threat actor demanded the ransom payment in ‘baguettes’. While the exact reason for the baguette demand remains unclear, it's possible that the attackers were attempting to draw attention to their attack, mock the French company, or simply add a layer of absurdity to their demands.

What To Do If Your Data Was Leaked In The Schneider Electric Data Breach

Having your personal data compromised can be scary. However, there are steps you can take to minimize the impact and give you greater peace of mind.

Be aware that your information being compromised can make you a target for social engineering and phishing scams. These scams involve impersonating trusted organizations or individuals using information they already have about you as a result of the leak to convince you to hand over money or further details. Be skeptical of anyone asking you for information.

Update all passwords and enable multi-factor authentication on as many accounts as possible, especially social media accounts as well as banking and email.

Make sure you also keep a close eye on your bank and credit card statements for any unusual activity and report any suspicious transactions immediately and consider freezing your cards and credit.