Ascentium Corporation

The California Office of the Attorney General disclosed a ransomware attack targeting Ascentium Corporation (operating as SMITH) on December 24, 2020, reported publicly on April 13, 2021. The incident compromised legacy employee data, exposing highly sensitive personal identifying information (PII), including names, Social Security numbers (SSNs), and other confidential records. The breach specifically affected internal employee data, though the exact number of impacted individuals remains undisclosed. The attack leveraged ransomware to encrypt and exfiltrate data, posing severe risks of identity theft, financial fraud, and long-term reputational harm to the company. Given the nature of the stolen information—core identifiers like SSNs—the breach carries high regulatory and legal repercussions, potentially triggering compliance violations under laws such as the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR) if applicable. The use of ransomware further escalates the threat, as attackers may demand payment for data recovery or threaten public disclosure. While the company has not confirmed whether a ransom was paid, the incident underscores critical vulnerabilities in legacy system security and the urgent need for robust cybersecurity measures to prevent similar exploits in the future.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-539889

TPRM report: https://www.rankiteo.com/company/ascentium-global

"id": "asc955091725",
"linkid": "ascentium-global",
"type": "Ransomware",
"date": "12/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'name': 'Ascentium Corporation (dba SMITH)',
                        'type': 'corporation'}],
 'data_breach': {'number_of_records_exposed': 'unknown',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PII, SSNs)',
                 'type_of_data_compromised': ['names',
                                              'social security numbers',
                                              'legacy employee personal '
                                              'identifying information']},
 'date_detected': '2020-12-24',
 'date_publicly_disclosed': '2021-04-13',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Ascentium Corporation (dba SMITH) on April '
                '13, 2021. The breach occurred on December 24, 2020, due to a '
                'ransomware attack that affected legacy employee personal '
                'identifying information, including names, social security '
                'numbers, and other sensitive data.',
 'impact': {'data_compromised': ['names',
                                 'social security numbers',
                                 'other sensitive legacy employee personal '
                                 'identifying information'],
            'identity_theft_risk': 'high (due to exposure of SSNs and PII)'},
 'references': [{'date_accessed': '2021-04-13',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Data Breach at Ascentium Corporation (dba SMITH) Due to Ransomware '
          'Attack',
 'type': 'data breach, ransomware attack'}

Ascentium Corporation

DigitalMint and Sygnia Cybersecurity: Chicago cybersecurity firm employee brokered $75M in ransom after orchestrating hacks, feds say

England Hockey: England Hockey Investigates Possible Data Breach by AiLock Ransomware Group

Bell Ambulance: Bell Ambulance breach impacts over 237K