Belden, a U.S. manufacturer of networking and industrial cable products, said Tuesday that unidentified attackers had accessed and copied data on current and former employees, and some of its business partners.
The St. Louis-based company, which reported more than $2 billion in revenue last year, said in a statement that it believed it prevented the attackers from further accessing data on its servers, and that it had hired lawyers to help it “notify appropriate regulatory authorities [of the incident] around the world.” The company said law enforcement is investigating the incident.
Executives did not disclose how many people’s information was compromised. Belden spokesperson Rachael Matthews told CyberScoop the data may have included sensitive personal information, including bank account information and Social Security numbers.
“Personal information accessed and stolen may have contained such information as names, birthdates, government-issued identification numbers (for example, Social Security/national insurance), bank account information of North American employees on Belden payroll, home addresses, email addresses and other general employment-related information,” Matthews said in an email. “Limited company information accessed and stolen related to some of our business partners include bank account data and, for U.S. partners, their taxpayer ID numbers.”
Matthews said Belden is notifying all affected employees and business partners, and that the company is providing “individuals with free monitoring and support services, where available.”
Belden, which has offices on multiple continents, makes fiber-optic cables and networking equipment used in the transportation, oil and gas, and other sectors. Belden has invested considerably in cybersecurity products. The company in 2014 bought cybersecurity company Tripwire, which makes data-integrity software, for $710 million.
Belden said it had hired outside security experts who “determined that Belden was the target of a sophisticated attack by a party outside the company that accessed a limited number of company file servers.”
“This issue is not impacting production from Belden manufacturing plants, quality control or shipping, which are operating normally,” the statement continued.
A Belden spokesperson did not respond to requests for comment on what qualified the attack as “sophisticated,” who was behind it or whether malware was involved.
UPDATE, 2 p.m. EDT: This story has been updated with an additional statement from a Belden spokesperson.