OmniVision reports data breach after ransomware attack
Learn More
OmniVision, a California-based manufacturer of imaging sensors, reports a data breach following a ransomware attack by the Cactus ransomware group in 2023. OmniVision designs and develops imaging sensors for various applications including smartphones, laptops, webcams, automotive, and medical imaging systems.
The security breach occurred between September 4 and September 30, 2023, when OmniVision's systems were encrypted by the ransomware. On September 30, 2023, the company became aware of the incident and immediately initiated an investigation with the help of third-party cybersecurity experts. Law enforcement authorities were also notified.
The investigation concluded on April 3, 2024, revealing that unauthorized parties had stolen personal information from certain systems during the attack. These include:
- Passport scans
- Nondisclosure agreements
- Contracts
- Confidential documents
The number of affected individuals is not disclosed.
The threat actors eventually released all the stolen data in a ZIP archive available for free download. As of now, OmniVision has been removed from the Cactus ransom extortion page on the dark web.
OmniVision is offering 24-month credit monitoring and identity theft restoration services to affected individuals.
