Cyber Incident Victim: Suder

Date: Mar 2025

Location: Poland

Summary

Suder disclosed that its systems were encrypted by ransomware deployed by the hacker group Qilin, leading to a potential breach of personal data. The company notified law enforcement and engaged external specialists to investigate the scope of the incident, noting that unauthorized access to customer information could not be ruled out. Exposed data reportedly included packing lists, medical certificates, employment contracts and copies of Polish passports. The incident raised concerns about possible misuse of the data for financial fraud, identity theft and unauthorized access to services.

Description

On March 6 2025, Suder employees observed irregularities in IT systems and reported them to the IT department; subsequent analysis revealed that the company's servers had been encrypted by ransomware. The incident was attributed to an anonymous hacker group identifying itself as Qilin. Law enforcement and relevant state authorities were notified immediately after the discovery. The company engaged a professional incident response team to assist with the investigation and to determine the scope of the compromise.

On March 11 2025, the Qilin group published twelve scanned documents and screenshots as proof of the attack, including a packing list, a medical decision for a driver‑warehouse worker, an employment contract, and two Polish passports, with one document dated early March indicating access to current data. The group had previously targeted health‑related organizations in London, Japan and Palau, and some of their earlier leaks contained medical records and images of patients' organs. Suder confirmed that unauthorized access to personal data could not be ruled out, noting potential misuse such as fraudulent loan applications, unauthorized access to health services and civil‑rights procedures, identity theft, and illicit use of banking, insurance or telecom credentials.

Suder issued a public notice on its website describing the breach, informing affected individuals of the possible risks and providing the contact details of its Data Protection Officer, Krzysztof Radtke, at [email protected]. The company stated that it continued to investigate the incident and cooperated with external experts to clarify the extent of data exposure. No further details about the volume of stolen files or the exact timeline of the attackers’ access were disclosed in the available sources.
