Cyber Incident Victim: RR Donnelley
Date: Dec 2021
Location: United States of America
Summary
A cyberattack targeting R.R. Donnelley & Sons disrupted the vendor's technical environment, forcing system shutdowns and prompting a forensic investigation with cybersecurity experts. The intrusion caused multi-day operational delays for New Jersey state agencies, impacting the issuance of critical documents including motor vehicle records, vendor payments, and disbursement checks. While authorities acknowledged unauthorized network access by threat actors, they reported no evidence of compromised personally identifiable information during the initial investigation phase. The vendor's ongoing probe focused on determining the full scope of the breach and potential data exposure risks.
Description
In December 2021, R.R. Donnelley & Sons, a vendor providing document printing services to New Jersey state agencies, experienced a significant cybersecurity incident. The company identified a "systems intrusion in its technical environment," prompting an immediate shutdown of its servers and systems to contain the breach. Unauthorized individuals gained access to RR Donnelley’s network, disrupting its operational capabilities. New Jersey’s Office of Information Technology confirmed the incident impacted multiple state services reliant on the vendor’s systems. The disruption caused multi-day delays in producing critical documents including motor vehicle documentation, vendor payments, and disbursement checks. RR Donnelley initiated a forensic investigation and engaged cybersecurity experts to assess the intrusion’s scope. New Jersey officials stated they were unaware of any compromise to personally identifiable information at the initial investigation stage. Maria Prato, a spokeswoman for the state’s Homeland Security unit, characterized the incident as a systems hack affecting operational continuity. Michael Geraghty, New Jersey’s Chief Information Security Officer, emphasized the investigation remained active pending RR Donnelley’s findings. The vendor’s system outage created logistical challenges for state agencies dependent on printed materials for statutory and financial operations.

The incident occurred against the backdrop of a separate ransomware attack affecting Ultimate Kronos Group (UKG), another technology service provider, which had disclosed a December 13 cloud breach impacting payroll and workforce management systems. UKG’s incident required weeks-long restoration efforts and left customer data compromise uncertain during initial investigations. While unrelated to RR Donnelley’s intrusion, the UKG attack highlighted broader supply chain vulnerabilities affecting government and corporate operations. New Jersey officials maintained communication with RR Donnelley throughout the forensic process but refrained from disclosing specifics due to the active investigation. The state’s Cybersecurity and Communications Integration Cell monitored developments while awaiting conclusive findings about data exposure. Service delays persisted as RR Donnelley worked to restore systems, with no public confirmation of whether ransomware or data exfiltration occurred. The disruption underscored dependencies on third-party vendors for core administrative functions and the cascading operational impacts of cybersecurity incidents on government service delivery.
