Cyber Incident Victim: Canyon Bicycles GmbH

On or around August 6, 2020, Canon experienced a ransomware attack that disrupted multiple critical services. The company confirmed the incident through an internal alert distributed to employees, acknowledging operational impacts on its email systems, Microsoft Teams collaboration platform, U.S. corporate website, and various internal applications. Concurrently, Canon’s image.canon cloud photo and video storage service suffered an extended outage affecting users of its free 10GB storage tier. This disruption resulted in confirmed data loss for subscribers relying on the platform’s complimentary storage features, though the company did not immediately disclose the attack’s root cause or the specific ransomware variant involved. Canon initiated response protocols to contain the incident but provided no public statement regarding data exfiltration or encryption scope during the initial disclosure phase.

The attack’s operational consequences included sustained service unavailability across affected platforms, with recovery efforts prioritized for business-critical systems. While internal communications verified the ransomware’s impact on corporate infrastructure, external observers independently correlated the image.canon service degradation with broader security compromises. Canon maintained limited transparency regarding remediation timelines or forensic findings, focusing instead on restoring core functionality. Data loss remained confined to the cloud storage service’s free-tier users, with no immediate evidence suggesting compromise of paid subscriber accounts or enterprise customer data. The company continued investigating the incident’s full scope while coordinating with relevant cybersecurity partners to mitigate further risks.