
Cyber Incident Victim: Brooks International

Date: Mar 2020

Location: United States of America

Summary

A ransomware attack targeting Brooks International involved the Sodinokibi operators stealing sensitive data prior to encryption and subsequently leaking over 12 GB of files after the victim refused payment. The exposed data, containing usernames, passwords, credit card statements, and tax information, was further distributed and sold on hacker forums for nominal fees, amplifying the breach's impact. This incident underscores the evolving ransomware threat where attacks now systematically function as data breaches, compromising both corporate assets and employees' personal information, with victims often failing to disclose compromises to affected individuals despite the heightened risk of identity theft.


Description

The Brooks International ransomware incident occurred in March 2020 when the Sodinokibi ransomware group stole and subsequently leaked over 12 GB of sensitive company data after the organization declined to pay the ransom. Following the established tactic first pioneered by Maze Ransomware in 2019, Sodinokibi operators exfiltrated files prior to encryption and used this stolen data as leverage during negotiations. The published data contained highly sensitive information including employee usernames and passwords, corporate credit card statements, tax documents, and W2 forms. Cybersecurity firm Cyble alerted BleepingComputer that other threat actors began redistributing and monetizing this dataset on hacker forums within days of its initial leak, with one forum member selling access for approximately 2 Euros (8 forum credits). Analysis of forum discussions revealed that purchasers considered the data exceptionally valuable due to its financial records and personally identifiable information.


BleepingComputer attempted to notify Brooks International about the ongoing dissemination of their stolen data through multiple phone calls but received no substantive response beyond initial contact. The incident demonstrated concrete operational risks beyond encryption, as exposed employee tax documents and financial records created substantial identity theft vulnerabilities for staff. This event contributed to broader industry recognition that ransomware attacks constitute data breaches requiring disclosure, particularly when employee personal information is compromised. Despite these risks, the article noted that Brooks International had not publicly acknowledged the breach or notified affected employees about the exposure of their sensitive data as of the reporting date. The unauthorized sale of the dataset on cybercriminal platforms ensured persistent availability of the stolen information long after the initial leak.
