July 31, 2023
Cree Lighting Hit by Cyberattack
Approximately 609 individuals impacted by data breach
In June 2023, a widespread cyberattack and data breach made headlines across the globe as a vulnerability in MOVEit, a managed file transfer software developed by Ipswitch, Inc., was exploited by malicious hackers. These attackers, affiliated with the Russian cyber gang known as CL0P, used a custom web shell to steal various files and something called Microsoft Azure Storage Blob information.
It has recently come to light that Cree Lighting, a subsidiary of Ideal Industries with significant employee presence in Wisconsin and North Carolina, was one of the many worldwide organizations affected by this cyberattack.
A Cree Lighting spokesperson addressed the issue, stating, “Unfortunately, along with likely thousands of companies and some government agencies, we were impacted by the global MoveIT breach. Our IT security systems identified the breach, and working with Cybersecurity experts, we immediately took actions to secure our systems and advise law enforcement - some employee data was compromised, we have provided impacted employees with credit monitoring services, and we continue to carefully monitor our systems.”
According to Cree Lighting’s Disclosure to North Carolina Government Officials:
Through an open records request, inside.lighting obtained the disclosure that Cree Lighting filed with the state of North Carolina. According to the filing, it has been determined that approximately 609 individuals were affected by the breach. Out of these, 32 were North Carolina residents. The compromised data may have included names, addresses, dates of birth and Social Security numbers of these individuals.
Cree Lighting informed the state of North Carolina that it is implementing additional security measures to prevent similar incidents in the future. To assist the affected employees, Cree Lighting is offering 24 months of complimentary credit monitoring services to affected individuals through Experian.
Cree Lighting is not the only big name in lighting recently cyberattacked
Lighting industry juggernaut Acuity Brands experienced two cyberattacks in December 2021 that potentially exposed personal information of both current and former employees. As per a filing from the Maine Attorney General's office, a total of 37,137 people were impacted by the breaches. The disclosed information varied per individual, and may have included names, social security numbers, driver's license numbers, financial account details, and limited health information.
Impact on Other Organizations:
The MOVEit vulnerability did not spare several prominent organizations worldwide. The Government of Nova Scotia estimated that around 100,000 present and past employees were impacted by the breach. In the United Kingdom, companies like the BBC, British Airways, Boots, Aer Lingus, and payroll service Zellis fell victim to the attack. Additionally, Ernst & Young, Transport for London, and Ofcom faced their own instances of being affected.
In the United States, the Department of Energy and several other government organizations, including the Louisiana Office of Motor Vehicles and Oregon Driver and Motor Vehicle Services, were also hit, impacting millions of residents.
Cree Lighting, along with numerous other companies and government entities, have been grappling with the aftermath of this security incident. As the investigation concludes, affected organizations are working diligently to secure their systems and protect the personal data of their employees and customers. The incident serves as a stark reminder of the ever-increasing need for robust cybersecurity measures in the digital age.
