
Cyber Incident Victim: RR Donnelley

Date: Dec 2021

Location: United States of America

Summary

RR Donnelley suffered a Conti ransomware attack involving unauthorized system access and data exfiltration, prompting network shutdowns that disrupted customer operations, including delays in critical document processing. The threat actors initially leaked stolen data but removed it after negotiations, with the company later confirming corporate data compromise while emphasizing ongoing efforts to safeguard information. The incident coincided with a significant merger announcement, aligning with known ransomware tactics targeting major financial events to pressure victims.


Description

RR Donnelley (RRD), a global communications and marketing services firm with 33,000 employees and $4.93 billion in 2021 revenue, experienced a significant cybersecurity incident in December 2021. The company disclosed via a December 27 SEC Form 8-K filing that it had suffered a "systems intrusion" requiring proactive network shutdowns to contain the attack's spread. This defensive action caused operational disruptions affecting multiple client services, including delays in processing printed documents essential for vendor payments, disbursement checks, and motor vehicle documentation. While RRD's initial disclosure stated no evidence of client data compromise, subsequent developments revealed broader impacts. The Conti ransomware group publicly claimed responsibility for the attack on January 15, 2022, initially leaking approximately 2.5GB of allegedly stolen corporate data before temporarily removing it from public view following renewed negotiations with RRD.

On January 19, 2022, RRD filed an updated 8-K confirming data exfiltration had occurred during the December intrusion, clarifying this was not a new incident. The company acknowledged ongoing analysis to determine the nature of accessed data while implementing measures to protect corporate and client information. RRD maintained direct communication with affected clients throughout the incident response process. The ransomware attack occurred shortly after RRD's December announcement of a definitive merger agreement with Chatham Asset Management, aligning with FBI warnings from November 2021 about ransomware actors strategically timing attacks to coincide with major financial events like mergers and acquisitions. Operational recovery efforts proceeded alongside negotiations to prevent further data dissemination, though the company did not disclose whether ransom payments were made or specify technical details about the intrusion methodology.
