Cyber Incident Victim: Coghlin Electrical Co.
Date: Jul 2021
Location: United States of America
Summary
Coghlin Electrical Corp. experienced a ransomware attack that compromised its systems, though the company successfully recovered files from backups. The Avos Locker ransomware group later claimed responsibility, alleging exfiltration of sensitive data including financial documents, invoices, bank statements, employee and CEO passport scans, and IRS tax forms. While the company did not publicly confirm data theft or specify whether personal information was affected, the attackers published proof of their claims on a leak site.
Description
On July 26, 2021, Worcester-based Coghlin Electrical Corporation experienced a ransomware attack disrupting its operations. Initial reports indicated the company successfully restored compromised files from backups, though specific technical details about the ransomware variant or initial intrusion methods were not disclosed by the company. Coghlin CEO Susan Mailman declined to elaborate on the incident when contacted by media outlets following the attack. Public reporting raised unanswered questions regarding potential data exfiltration and whether stolen files contained sensitive personal information, as the company’s initial communications did not address these aspects. The Worcester Telegram & Gazette first reported the incident on July 30, four days after the attack occurred, while subsequent coverage noted the absence of confirmed details about data compromise or operational impacts beyond file encryption.

An update emerged when the Avos Locker ransomware group listed Coghlin Electrical on its data leak site, asserting they had exfiltrated sensitive corporate and employee data prior to encryption. The threat actors claimed possession of financial documents, invoices, bank statements, scanned employee and executive passports, and IRS tax forms belonging to staff and CEO Susan Marie Mailman. This disclosure introduced confirmed evidence of data theft beyond initial encryption impacts, expanding the incident’s scope to include potential privacy risks for affected individuals. Coghlin Electrical did not publicly verify or comment on Avos Locker’s claims, leaving the extent of data exposure unconfirmed by the company. The incident’s public documentation remained limited to media reports and the ransomware group’s assertions, with no additional official statements detailing containment measures, forensic findings, or post-incident remediation efforts beyond the initial backup recovery.
