Hackers publish sensitive employee data stolen during CommScope ransomware attack

Hackers published a trove of data stolen from U.S. network infrastructure giant CommScope, including thousands of employees’ Social Security numbers and bank account details.

The North Carolina–based company, which designs and manufactures network infrastructure products for a range of customers, including hospitals, schools and U.S. federal agencies, was listed on the dark web leak site of the Vice Society ransomware gang.

The listing includes a link to data stolen from the company. Ransomware gangs typically publish stolen data when efforts to secure a financial ransom demand fall through.

TechCrunch reviewed portions of the data, which include internal documents, invoices and technical drawings. The trove also contains personal data of thousands of CommScope employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers and bank account information. Another folder among the leaked data includes scans of employee passports and visa documentation.

The hackers appeared to gain deep access to the company’s network, exfiltrating backups of data pertaining to its MyCommScope customer portal and its internal intranet. Some of the data was unencrypted and appeared to include both CommScope customer and employee email addresses.

It’s unclear exactly how many employees have been affected. CommScope employs more than 30,000 people worldwide.

CommScope spokesperson Cheryl Przychodni confirmed to TechCrunch that the company detected “unauthorized access to a portion of our IT infrastructure that we determined was the result of a ransomware incident” on March 27.

“Upon discovery, we immediately launched a forensic investigation with the assistance of a leading cybersecurity firm and reported the matter to law enforcement,” Przychodni said, adding that the company is investigating Vice Society’s claims that it has published information from the company’s network.

“We are working with our third-party experts to validate those claims and to understand the nature of the information at issue as a top priority,” she said. “We are undergoing a thorough review of any impacted data with all possible speed.”

CommScope declined to answer our questions related to the leaked employee data and it’s unclear if the company has notified affected employees.

Przychodni added that CommScope has seen no evidence that customer information was accessed during the breach, but declined to say if the company has the means — like server logs — to determine what data was taken from its systems.

CommScope also declined to say how its systems were compromised or whether it has received any communication from the Vice Society hackers.

The Vice Society ransomware gang first made headlines in 2022 during a spate of cyberattacks targeting the healthcare and education sectors. One of the biggest breaches saw the hackers publish a 500GB trove of stolen sensitive data from the Los Angeles Unified School District (LAUSD), which included psychological assessments and other highly personal information of students.

The gang recently turned its attention to the manufacturing sector, according to cybersecurity company Trend Micro, which said Vice Society will likely remain a “significant player” in the ransomware landscape.


Do you work at CommScope? Do you know more about the data breach? You can contact Carly Page securely on Signal at +441536 853968, or by email.  You can also contact Zack Whittaker on Signal at +1 646-755-8849 or zack.whittaker@techcrunch.com. You can also share files and documents with TechCrunch via our SecureDrop.

Leave a Comment