Thirty gigabytes of data were allegedly stolen during a cyberattack carried out at the manufacturer of recreational vehicles BRP earlier this month.
According to the Hackfest Facebook page, the Ransomexx group, which is believed to be behind the cyberattack, has released more than 29.29 GB of data online, including copies of passports, contracts and projects stolen from BRP’s computers.
However, the company ensures, for its part, that the scope of the cyberattack remains limited.
“Although the investigation is still ongoing, the evidence collected to date allows BRP to consider that the impact of this incident from a data privacy perspective is limited, as mentioned in the press release issued. August 15, 2022”, argued the company in a press release at the very end of the evening on Tuesday.
According to BRP, only “a few employees” would be affected by this incident, and these will have access to resources, such as credit monitoring services.
“According to the current status of the investigation, BRP also considers that the compromised information about some of its suppliers is limited in quantity and sensitivity, and is in the process of contacting them,” it added, assuring that there is “no evidence” that customer data has been affected.
The flagship of Valcourt had revealed on August 9 to be the target of a cyberattack which had forced it to suspend its activities, both in Canada and in the United States and Austria.
Activities had gradually resumed in the group’s various factories from August 15.
BRP said when it resumed operations that it expected “the impact of this incident from a data privacy perspective to be limited.”
“If circumstances should change, BRP will contact the affected individuals or companies directly,” the company said.