Cyber Incident Victim: Baker Tilly
Date:
Feb 2024
Location:
France
Summary
A cyberattack targeting Baker Tilly's subsidiary Act21, specializing in corporate social responsibility services, resulted in system encryption and disrupted client access to their software and data. Initial investigations indicated no evidence of data exfiltration, though recovery timelines remain uncertain as the company works with cybersecurity experts to restore operations. The incident did not directly impair clients' operational activities, as Act21's platforms are not integral to their real-time functions, but affected organizations—including major entities across public and private sectors—were notified of the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 13, 2024, Baker Tilly's subsidiary Act21, specializing in corporate social responsibility (CSR) software and services, suffered a cyberattack that encrypted its systems. The attack rendered client access to their software platforms and associated data impossible, disrupting operational continuity for Act21's user base. Baker Tilly confirmed the incident publicly through a spokesperson, disclosing that initial investigations suggested client data had been encrypted but not exfiltrated during the breach. While the specific ransomware variant involved was not identified, the presence of data encryption strongly indicated a ransomware attack methodology. Act21 and Baker Tilly mobilized internal teams alongside external cybersecurity specialists to assess the damage, contain the incident, and initiate recovery procedures. The company acknowledged the inability to provide clients with a definitive timeline for full service restoration due to the complexity of decryption and system recovery efforts.
The attack exclusively impacted Act21's infrastructure, with Baker Tilly emphasizing that clients' core business operations remained unaffected as Act21's software did not directly support their real-time activities. Affected clients—including major entities like retail group Les Mousquetaires, construction firm CETIH, investment group Caisse des Dépôts, Ubisoft, Egis, EthiFinance, and public sector organizations such as Brussels' regional public service and France’s National Housing Agency (Anah)—were notified of the disruption. Baker Tilly prioritized incident response coordination with digital forensics experts while maintaining client communication regarding service availability. No evidence of data theft was identified during preliminary analysis, reducing immediate privacy risks but leaving business continuity challenges unresolved due to persistent system inaccessibility. Recovery efforts remained ongoing with no public disclosure of ransom demands, payment status, or additional technical details regarding the attackers’ entry vectors or lateral movement within Act21's network.