Storopack, Inc.

On March 21, 2023, Storopack, Inc. fell victim to a ransomware attack targeting its parent corporation in Germany, as reported by the Maine Office of the Attorney General on July 7, 2023. The incident resulted in a data breach where unauthorized actors gained access to systems containing personal information of employees. While the exact nature of the compromised data (e.g., financial records, identification details, or internal communications) remains undisclosed, the breach poses a significant risk of internal employee data exposure. The attack originated from external hackers exploiting vulnerabilities in the parent company’s infrastructure, leading to potential long-term reputational and operational consequences. The lack of clarity on the stolen data heightens concerns over identity theft, phishing risks, or misuse of sensitive employee records. Storopack has not confirmed whether ransom demands were met or if data recovery efforts were successful, leaving affected individuals in uncertainty regarding the full scope of the exposure.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/d38350ad-f596-41a0-973f-c3096464c750.shtml

TPRM report: https://www.rankiteo.com/company/storopack

"id": "sto028091825",
"linkid": "storopack",
"type": "Ransomware",
"date": "3/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'packaging solutions',
                        'location': {'affected_region': 'Maine, USA '
                                                        '(reporting)',
                                     'headquarters': 'Germany (parent '
                                                     'corporation)'},
                        'name': 'Storopack, Inc.',
                        'type': 'subsidiary'}],
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (potential PII)',
                 'type_of_data_compromised': ['personal information '
                                              '(employees)']},
 'date_detected': '2023-03-21',
 'date_publicly_disclosed': '2023-07-07',
 'description': 'On July 7, 2023, the Maine Office of the Attorney General '
                'reported a data breach involving Storopack, Inc., which '
                'experienced a ransomware attack on March 21, 2023. The '
                "breach, resulting from the hacking of Storopack's parent "
                'corporation in Germany, potentially impacted personal '
                'information of employees, although specific data accessed or '
                'stolen has not been identified.',
 'impact': {'data_compromised': True, 'identity_theft_risk': True},
 'initial_access_broker': {'high_value_targets': ['parent corporation '
                                                  '(Germany)']},
 'investigation_status': 'ongoing (specifics of accessed/stolen data '
                         'unidentified)',
 'ransomware': {'data_encryption': True},
 'references': [{'date_accessed': '2023-07-07',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': {'regulatory_disclosure': 'Maine '
                                                                  'Office of '
                                                                  'the '
                                                                  'Attorney '
                                                                  'General'}},
 'title': 'Storopack, Inc. Ransomware Attack (March 2023)',
 'type': 'ransomware'}