Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools.
A company spokesperson told us that the incident occurred after unauthorized actors breached an internal sales tool used in the EMEA (Europe, Middle East, Africa) region.
“Avnet recently identified unauthorized access to externally hosted cloud storage supporting an internal sales tool used in EMEA,” stated the spokesperson.
“Most of the data is not easily readable without access to Avnet’s proprietary sales tool, which remains secure and was not impacted by this event.”
Avnet is an American public company that operates distribution and design/engineering centers in 125 countries. It is a Fortune 500 firm with 15,000 employees and an annual revenue of $27 billion.
A threat actor told BleepingComputer that they breached Avnet and stole 1.3TB of compressed data (between 7 and 12TB of raw data) that includes details about the company’s operations in EMEA and other regions.
According to the hackers, Avnet detected the breach on September 26 and started to rotate all secrets throughout its Azure/Databricks environments without publicly disclosing the incident.
The threat actor said their interest is purely financial and set up a leak site on the dark web to pressure the company into paying a ransom by publishing data samples.
Some of the samples BleepingComputer saw are in plaintext form, containing sensitive information, including personally identifiable information, contrary to Avnet’s claims that the stolen data isn’t readable unless custom tools are used.
However, the company did not confirm the authenticity of the leaked data.
Avnet told BleepingComputer that the incident was limited to a single system in the EMEA region and that it did not disrupt global operations. The company informed authorities about the incident and said that impacted customers and suppliers will be contacted directly.
At this time, the number of potentially impacted individuals is unknown.
Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.
Don’t miss the event that will shape the future of your security strategy
