Schneider Electric confirms cyberattack investigation into stolen Jira data

Schneider Electric confirms cyberattack investigation into stolen Jira data

Schneider Electric's logo affixed to a corporate office building in Rueil-Malmaison, France
HJBC/Adobe Stock

Schneider Electric is investigating an alleged cybersecurity breach after a hacker taunted the firm, claiming to have accessed its Jira server and made off with confidential data.

The French firm confirmed to Capacity that it has rolled out its Global Incident Response team to look into unauthorised access to its internal project tracking platforms.

Subscribe today for free


A hacker known as “Grep” posted on X (formerly Twitter) over the weekend claiming to have been behind the attack.


According to BleepingComputer, Grep stole data related to projects and plugins and demanded $125,000 worth of baguettes to not leak the data — before posting more than 400,000 rows of data totalling 40GB on a forum on the dark web.

In a statement to Capacity, Schneider Electric said none of its products and services have been affected by the incident as it looks into the breach.

Grep is a notable threat actor, and was behind the breach at French technology services giant Capgemini, where API keys, staff information, and T-Mobile virtual machine logs were among the data that was stolen.

Other prior Grep victims include Dell Technologies, where they also stole Jira files and information about staff.

The hacker's name originates from the Unix command function, which stands for “global search for lines matching a regular expression” which is used to search for text patterns in files that contain regular expressions.

While Grep is believed to have acted alone in its attack on Schneider Electric, the hacker told BleepingComputer that it had formed a new hacking group.

The group, known as International Contract Agency (ICA), a name they appropriated from the shadow organisation from the Hitman video games series, won’t extort the companies they breach — instead, publishing stolen information if their victims fail to acknowledge the incident within 48 hours.

RELATED STORIES

Schneider Electric replaces CEO Herweck over strategy concerns

Cisco shuts down DevHub developer environment following data breach

Cisco hit by major breach: Hackers steal confidential data and source code

Gift this article