Bridgestone Americas Inc. has officially labeled its “information security incident” a ransomware attack, and the tiremaker says some company data has been compromised and posted online.
“They have released the first batch of data to a leak site and are threatening to release small batches of data to be posted over an unspecified period,” Bridgestone said in an update.
The company says it has “no evidence this was a targeted attack.” Bridgestone last week said all of its plants were back online and operational. The tiremaker first detected the breach on Feb. 27 and shut down its manufacturing facilities in North America and Latin America, and also disconnected dealers from some production tools.
Bridgestone says, “We are committed to conducting a swift and comprehensive investigation to determine as quickly as possible what specific data was taken from our environment. Bridgestone treats the security of our teammates, customers, and partners’ information with the utmost importance. We will continue to communicate with all our stakeholders frequently, working together to mitigate potential harm from these types of incidents and to further enhance our cybersecurity measures as recommended by our internal and external security advisors.”
SecurityWeek reported that “a cybercrime gang that has been using the LockBit 2.0 ransomware” has taken credit for the Bridgestone attack, and that the group is threatening to make public “all available data.” The publication says the same group has taken credit for other high-level system breaches.
The CyberWire said it was unknown how much money LockBit was demanding from Bridgestone to protect its data, but that "tens of millions of dollars could be at stake." CyberWire says the Federal Bureau of Investigations issued a warning in February about the group's activities.