Cyber Incident Victim: Banijay Group SAS
Date: Nov 2020
Location: France
Summary
A French multinational production firm behind major entertainment brands was compromised in a ransomware attack affecting acquired Endemol Shine Group networks, resulting in potential exposure of current and former employee personal data alongside commercially sensitive information. The DoppelPaymer ransomware gang claimed responsibility, leaking internal documents including GDPR compliance materials to substantiate their involvement. The incident impacted systems in the UK and Netherlands, prompting engagement of third-party security experts and notifications to local authorities. Known for targeting enterprises with high ransom demands, the attackers leveraged stolen credentials to deploy ransomware across networks, though the company's investigation remained ongoing at the time of reporting.
Description
In or around November 2020, French multinational production and distribution firm Banijay Group SAS suffered a cyberattack attributed to the DoppelPaymer ransomware operation. The incident specifically impacted networks associated with Endemol Shine Group and Endemol Shine International, entities Banijay had acquired in a $2.2 billion deal finalized in July 2020. Attackers exfiltrated sensitive data including personal information of current and former employees alongside commercially sensitive documents. Banijay publicly confirmed the breach on November 27, 2020, reporting the incident to authorities in the United Kingdom and the Netherlands, the jurisdictions where the compromised assets resided. The company engaged third-party cybersecurity specialists to investigate the scope of the intrusion and data exposure, emphasizing ongoing efforts to determine whether stolen information had been misused.

The DoppelPaymer ransomware group claimed responsibility for the attack, publishing samples of stolen documents as proof, including an internal GDPR compliance file—a tactic highlighting potential regulatory consequences. This ransomware operation, active since at least mid-2019, typically leveraged compromised administrative credentials to deploy encryption across entire networks, often demanding multimillion-dollar ransoms from enterprise victims. While Banijay did not disclose whether a ransom was demanded or paid, the attackers’ history—including a 2019 incident where Mexico’s PEMEX was asked for $4.9 million in Bitcoin—suggested high financial stakes. The breach exposed vulnerabilities in newly integrated systems following Banijay’s acquisition of Endemol Shine Group, which housed globally recognized entertainment brands like *MasterChef*, *Big Brother*, and *Black Mirror*. Banijay’s response remained focused on forensic analysis, regulatory compliance, and direct communication with affected individuals pending confirmation of data misuse.
