Snap-on, the American manufacturer specialising in automotive tools, recently confirmed a data breach had taken place on its network.

The leak exposed data on franchisees and was discovered after the company identified suspicious activity on its systems. Even though Snap-on moved quickly to shut down its network, the Conti ransomware gang has since disclosed the enterprise’s private data online.

Snap-on is a market leader in manufacturing and designing software, tools and diagnostic services employed by big names in transportation, including Mitchell 1, Blue-Point, Norbar, Williams and Blackhawk.

Revealing a data leak

In a recent statement, the US-based firm detailed its discovery of the data breach and commented on its actions in an official breach notice posted on the Snap-on website:

“In early March, Snap-on detected unusual activity in some areas of its information technology environment. We quickly took down our network connections as part of our defence protocols, particularly appropriate given heightened warnings from various agencies. We launched a comprehensive analysis assisted by a leading external forensics firm, identified the event as a security incident, and notified law enforcement of the incursion.”

It is common practice for firms to enlist an external forensics team to investigate an onsite data breach when their own operations lack the skillset to perform an in-depth analysis. An independent eye on an incident can also clear companies of any internal threats that may be involved.

After conducting its investigation, the manufacturer found that threat operators had stolen personal data that belonged to company employees from March 1 to March 3 this year. In a recent notification Snap-on sent to the Attorney General’s Office in California, the firm commented on the kind of data involved in the breach:

“We believe the incident involved associate and franchisee data including information such as: names, Social Security Numbers, dates of birth, and employee identification number.”

In reparation to data subjects involved in the leak, the auto tool maker has offered a year’s subscription free of charge to a dedicated identity theft protection service.

Responsibility for the cyberattack claimed by Conti

Ido Cohen, a threat intelligence expert, noted that Conti had claimed responsibility for the attack on Snap-on and had subsequently started to leak approximately 1 GB of data files it claimed to have obtained during the incursion into the manufacturer’s network.

However, the ransomware gang removed the leak from its dedicated disclosure site shortly afterwards. Some security researchers have suggested that the US company may have given in to Conti’s ransom demands to keep the sensitive information from being disclosed.

Conti is a dedicated ransomware operation currently run by a Russia-based hacking outfit. The gang is known for its ransomware operations but also for using a range of malware, including TrickBot, Ryuk and BazarLoader. The gang typically uses Trojans to infect and breach systems and, once remote access is acquired, spreads across a firm’s network, stealing data and deploying ransomware.