Canadian software company Constellation Software confirmed on May 5 that some of its systems had been breached by threat actors who had also stolen personal information and business data. The independent IT systems of Constellation’s operating groups and businesses were not affected by the incident, which was limited to a small number of systems related to internal financial reporting and related data storage.
The company said it had contained the attack and had now restored all IT infrastructure systems impacted in the incident. The company added that it is contacting business partners and individuals whose information was stolen during the breach.
ALPHV ransomware gang claimed responsibility for the attack. They added a new entry to their data leak site, saying that they breached Constellation’s network and stole more than 1 TB worth of files. As proof that they had access and exfiltrated files from Constellation’s network, ALPHV has already leaked some documents containing business information online.
The ransomware gang also threatens to leak the stolen data if the company ignores the ransom demand and refuses to negotiate.
Constellation Software acquires, manages, and builds software businesses through six operating groups: Volaris, Harris, Jonas, Vela Software, Perseus Group, and Topicus. The Canadian company has over 25,000 employees across North America, Europe, Australia, South America, and Africa, generating consolidated revenues exceeding $4 billion.
Constellation also provides services to 125,000 customers in over 100 countries and has acquired more than 500 software companies since 1995.
The ALPHV ransomware gang is considered one of the significant ransomware threats targeting enterprises worldwide. Last April, the Federal Bureau of Investigation (FBI) warned that ALPHV has “extensive networks and experience with ransomware operations” since they successfully breached over 60 entities worldwide from November 2021 to March 2022.
ALPHV is believed to be a rebrand of the DarkSide/BlackMatter gang, which first gained notoriety as DarkSide after attacking the Colonial Pipeline and immediately landing in the crosshairs of international law enforcement.
