Ascentium Corp.

On December 24, 2020, Ascentium Capital LLC (operating as Ascentium Corp. and Ascentium Inc.) fell victim to a ransomware attack, leading to a confirmed data breach. The incident resulted in the unauthorized extraction of legacy employee personally identifiable information (PII), which was subsequently uploaded to the dark web around February 24, 2021. The breach was formally reported by the California Office of the Attorney General on March 23, 2021, though the exact number of affected individuals remains undisclosed. The compromised data included sensitive employee records, exposing former and potentially current staff to risks such as identity theft, phishing, or financial fraud. The attack’s execution—via ransomware—suggests the involvement of cybercriminals who not only encrypted corporate systems but also exfiltrated data for leverage or sale. The delay between the initial breach and the dark web disclosure indicates a prolonged period of vulnerability, amplifying the potential misuse of the stolen information. The incident underscores critical gaps in Ascentium’s cybersecurity defenses, particularly in safeguarding legacy employee data against evolving ransomware threats.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-539405

TPRM report: https://www.rankiteo.com/company/ascentium-capital

"id": "asc203090725",
"linkid": "ascentium-capital",
"type": "Ransomware",
"date": "12/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'name': 'Ascentium Corp.', 'type': 'corporation'},
                       {'name': 'Ascentium Inc.', 'type': 'corporation'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': 'personal identifying information '
                                             '(legacy employee data)'},
 'date_detected': '2020-12-24',
 'date_publicly_disclosed': '2021-03-23',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Ascentium Corp. and Ascentium Inc. on March '
                '23, 2021. The breach, which occurred on December 24, 2020, '
                'involved a ransomware attack that potentially compromised '
                'legacy employee personal identifying information, and it was '
                'confirmed that information was extracted and uploaded to the '
                'dark web on or about February 24, 2021. The number of '
                'individuals affected is currently unknown.',
 'impact': {'data_compromised': 'legacy employee personal identifying '
                                'information',
            'identity_theft_risk': 'high (PII exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'ransomware': {'data_exfiltration': True},
 'references': [{'date_accessed': '2021-03-23',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'title': 'Data Breach and Ransomware Attack on Ascentium Corp. and Ascentium '
          'Inc.',
 'type': ['data breach', 'ransomware attack']}

Ascentium Corp.

VECT 2.0: New VECT 2.0 Ransomware Targets Multi-Platform Systems

Kettering Health: US Healthcare Data Breach Crisis Impacts Millions -- Security Today

Gelatissimo: Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce