OmniVision discloses data breach after 2023 ransomware attack


The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year.

OmniVision, a subsidiary of the Chinese Will Semiconductor, designs and develops imaging sensors for smartphones, laptops, webcams, automotive, medical imaging systems, and others.

In 2023, the company employed 2,200 people and reported an annual revenue of $1.4 billion.

On Friday, OmniVision informed the authorities in California of a security breach incident that lasted between September 4 and September 30, 2023, when its systems were encrypted by ransomware.

"On September 30, 2023, OVT became aware of a security incident that resulted in the encryption of certain OVT systems by an unauthorized third party," reads the notice.

"In response to this incident, we promptly launched a comprehensive investigation with the assistance of third-party cybersecurity experts and notified law enforcement."

"This in-depth investigation determined that an unauthorized party took some personal information from certain systems between September 4, 2023, and September 30, 2023."

OmniVision says its internal investigation of the incident was concluded on April 3, 2024, revealing that the attackers stole personal information from the company.

The stolen data has been redacted in the notification sample, and the number of exposed individuals also remains unknown.

However, an announcement by the Cactus ransomware gang on October 17, 2023, claimed the attack on OmniVision and leaked the following data samples:

  • Passport scans
  • Nondisclosure agreements
  • Contracts
  • Confidential documents

The threat actors eventually released all data they held from the attack in a ZIP archive made available to download for free.

OmniVision listed on the Cactus blog
Source: KELA

At the time of writing, OmniVision has been removed from the Cactus ransom extortion page on the dark web.

Cactus is a ransomware gang that emerged roughly a year ago. It targets flaws in VPN appliances to gain access to corporate networks and follows the peculiar practice of having its ransomware encrypt itself to evade detection.

The threat group has previously attacked large companies such as cold storage and logistics giant Americold and energy and automation manufacturing conglomerate Schneider Electric.

In response to this security and data breach, OmniVision took measures to secure its environment and detect suspicious activity faster. The company is also offering 24 months of credit monitoring and identity theft restoration services to the notice recipients.

Impacted individuals are recommended to enroll in the service offered, stay vigilant against unsolicited and suspicious communications, regularly review credit reports and account statements, and report unusual activity to their financial institution.