AkzoNobel Confirms Cyberattack on U.S. Site as Anubis Ransomware Gang Leaks Stolen Data
Dutch multinational paint and coatings giant AkzoNobel has confirmed a cybersecurity breach at one of its U.S. sites, following a data leak by the Anubis ransomware gang. The company stated that the incident was contained and limited to the affected location, with no broader impact on its global operations.
In a statement to BleepingComputer, AkzoNobel acknowledged the breach, noting that it is notifying impacted parties and collaborating with authorities. The company, which employs 35,000 people and generates over $12 billion in annual revenue, owns well-known brands such as Dulux, Sikkens, International, and Interpon.
The Anubis ransomware group claimed responsibility for the attack, alleging it exfiltrated 170GB of data nearly 170,000 files from AkzoNobel. Leaked samples on the gang’s dark web site include confidential client agreements, internal emails, passport scans, technical specifications, and material testing documents. The full dataset has not yet been released, and AkzoNobel has not disclosed whether it engaged with the attackers.
Anubis, a ransomware-as-a-service (RaaS) operation, emerged in December 2024 and gained traction after launching an affiliate program on the RAMP cybercrime forum in February 2025. The group offers affiliates 80% of ransom payments and has since expanded its tactics, including a data-wiping tool introduced in June 2025 to prevent file recovery. The breach marks another high-profile attack by the increasingly active ransomware group.
AkzoNobel cybersecurity rating report: https://www.rankiteo.com/company/akzonobel
"id": "AKZ1772583818",
"linkid": "akzonobel",
"type": "Ransomware",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Paint and coatings',
'location': 'Netherlands (global), U.S. (affected '
'site)',
'name': 'AkzoNobel',
'size': '35,000 employees, $12 billion annual revenue',
'type': 'Corporation'}],
'customer_advisories': 'Notifying impacted parties',
'data_breach': {'data_exfiltration': 'Yes (170GB exfiltrated)',
'number_of_records_exposed': 'Nearly 170,000 files',
'personally_identifiable_information': 'Yes (passport scans)',
'sensitivity_of_data': 'High (PII, confidential business '
'documents)',
'type_of_data_compromised': ['Confidential client agreements',
'Internal emails',
'Passport scans',
'Technical specifications',
'Material testing documents']},
'description': 'Dutch multinational paint and coatings giant AkzoNobel '
'confirmed a cybersecurity breach at one of its U.S. sites '
'following a data leak by the Anubis ransomware gang. The '
'incident was contained and limited to the affected location, '
'with no broader impact on global operations. The Anubis '
'ransomware group claimed responsibility, alleging '
'exfiltration of 170GB of data (nearly 170,000 files), '
'including confidential client agreements, internal emails, '
'passport scans, technical specifications, and material '
'testing documents.',
'impact': {'data_compromised': '170GB (nearly 170,000 files)',
'identity_theft_risk': 'High (passport scans exposed)',
'operational_impact': 'Contained to affected location, no broader '
'impact on global operations',
'systems_affected': 'Limited to one U.S. site'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (ransom demand), data exfiltration',
'ransomware': {'data_exfiltration': 'Yes (170GB exfiltrated)',
'ransomware_strain': 'Anubis'},
'references': [{'source': 'BleepingComputer'}],
'response': {'communication_strategy': 'Notifying impacted parties',
'containment_measures': 'Incident contained to affected site',
'law_enforcement_notified': 'Yes (collaborating with '
'authorities)'},
'threat_actor': 'Anubis ransomware gang',
'title': 'AkzoNobel Cyberattack by Anubis Ransomware Gang',
'type': 'Ransomware'}