{
	"id": "fbf24b1b-521a-4bc1-9c7e-c913a32f59ce",
	"created_at": "2026-04-06T00:22:20.153421Z",
	"updated_at": "2026-04-10T03:21:00.655815Z",
	"deleted_at": null,
	"sha1_hash": "f91f50853a37c5c889d6a3815bc266bdffb4d3d9",
	"title": "Nokia subsidiary discloses data breach after Conti ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2294654,
	"plain_text": "Nokia subsidiary discloses data breach after Conti ransomware attack\r\nBy Sergiu Gatlan\r\nPublished: 2021-08-23 · Archived: 2026-04-05 13:08:04 UTC\r\nImage: Kabiur Rahman Riyad\r\nSAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti\r\noperators were able to successfully breach its network, steal data, and encrypt systems.\r\nThe wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers,\r\nmajor tower owners, and original equipment manufacturers (OEMs) across the US. \r\nhttps://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nSAC Wireless helps customers design, build and upgrade cellular networks, including 5G, 4G LTE, small cell and FirstNet.\r\nAttack detected after Conti ransomware encrypted systems\r\nThe company discovered that its network was breached by Conti ransomware operators on June 16, only after deploying\r\ntheir payloads and encrypting SAC Wireless systems.\r\nThe Nokia subsidiary found that personal information belonging to current and former employees (and their health plans'\r\ndependents \r\nor beneficiaries) was also stolen during the ransomware attack on August 13, following a forensic investigation conducted\r\nwith the help of external cyber security experts.\r\n\"The threat actor, Conti, gained access to the SAC systems, uploaded files to its cloud storage, and then, on June 16,\r\ndeployed ransomware to encrypt the files on SAC systems,\" SAC says in data breach notification letters sent to an\r\nundisclosed number of impacted individuals.\r\nAfter completing the forensic investigation, the company believes that the stolen files contain the following categories of\r\npersonal info: \"name, date of birth, contact information (such as home address, email, and phone), government ID numbers\r\n(such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title,\r\nsalary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures,\r\ncertificates of marriage or birth, tax return information, and dependent/beneficiary names.\"\r\nIn response to the ransomware attack, SAC has taken multiple measures to prevent future breaches, including:\r\nchanged firewall rules,\r\ndisconnected VPN connections,\r\nactivated conditional access geo-location policies to limit non-U.S. access,\r\nprovided additional employee training,\r\ndeployed additional network and endpoint monitoring tools,\r\nexpanded multi-factor authentication,\r\nand deployed additional threat-hunting and endpoint detection and response tools.\r\nBleepingComputer reached out to SAC Wireless for additional information on the attack two weeks ago, on August 12, but a\r\ncompany spokesperson refused to confirm that it involved ransomware or provide additional details.\r\n\"SAC is aware of an incident, and we are currently investigating the matter,\" the spokesperson said. \"As we continue to\r\nassess the incident, we are in contact with relevant parties to recommend that appropriate safeguards and precautions may be\r\ntaken.\"\r\nConti claims to have stolen 250GB of files\r\nWhile the company refused to acknowledge the ransomware attack and did not provide more info on the extent of the\r\ndamage, the Conti ransomware gang revealed on their leak site that they stole over 250 GB of data.\r\nAccording to a recent update, the ransomware group will soon leak all the stolen files online if the Nokia subsidiary doesn't\r\npay the ransom they demanded.\r\nConti ransomware is a private Ransomware-as-a-Service (RaaS) operation likely controlled by a Russian-based cybercrime\r\ngroup known as Wizard Spider.\r\nConti shares some of its code with the notorious Ryuk Ransomware, whose TrickBot distribution channels they began using\r\nafter Ryuk decreased activity around July 2020.\r\nThe gang has recently breached Ireland's Health Service Executive (HSE) and Department of Health (DoH), asking the\r\nformer to pay a $20 million ransom after encrypting its systems.\r\nhttps://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/\r\nPage 3 of 4\n\nThe FBI also warned in May that Conti operators have attempted to breach the networks of more than a dozen US healthcare\r\nand first responder organizations.\r\nEarlier this month, a disgruntled affiliate leaked the gang's training materials, including information about one of its\r\noperators, a manual on deploying Cobalt Strike and mimikatz, as well as numerous help documents allegedly provided to\r\naffiliates when performing Conti attacks.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/"
	],
	"report_names": [
		"nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434940,
	"ts_updated_at": 1775791260,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f91f50853a37c5c889d6a3815bc266bdffb4d3d9.pdf",
		"text": "https://archive.orkl.eu/f91f50853a37c5c889d6a3815bc266bdffb4d3d9.txt",
		"img": "https://archive.orkl.eu/f91f50853a37c5c889d6a3815bc266bdffb4d3d9.jpg"
	}
}