Cyber Incident Victim: Olympus

On October 10, 2021, Olympus detected suspicious activity on its IT systems in the Americas, encompassing the United States, Canada, and Latin America. The company responded by mobilizing a specialized incident response team that included forensic experts to investigate the potential cybersecurity incident. As part of containment measures, Olympus proactively suspended affected IT systems and notified relevant external partners. By October 12, the company confirmed the incident was isolated to its Americas operations, with no evidence of impact on systems in other global regions. Olympus did not disclose whether attackers accessed or exfiltrated customer or corporate data during the breach but committed to providing updates as the investigation progressed. The company emphasized collaboration with third-party experts to restore systems securely while prioritizing customer and partner trust.

This incident occurred approximately one month after a separate ransomware attack impacted Olympus’s EMEA (Europe, Middle East, Africa) IT systems in early September 2021. Forensic evidence from the earlier attack, including ransom notes, identified the BlackMatter ransomware group as responsible. Although Olympus did not attribute the October Americas incident to a specific threat actor, the timing aligned with documented ransomware tactics of targeting weekends and holidays to delay detection. The FBI and CISA had previously warned in an August 2021 advisory about increased ransomware attacks during such periods, citing incidents around the Fourth of July holiday. Olympus maintained over 31,000 employees globally at the time of the attacks, with its Americas operations disruption representing the second major cybersecurity incident affecting the company within a six-week period. The company’s public statements focused on containment progress and service restoration but did not detail operational impacts or recovery timelines.