Cyber Incident Victim: SeaChange International

On or around April 23, 2020, the Sodinokibi (REvil) ransomware group claimed responsibility for a cyberattack against SeaChange International, a Waltham, Massachusetts-based provider of video-on-demand and streaming platforms with operations in Poland and Brazil. The attackers published evidence of stolen data on their dedicated leak site, a tactic increasingly adopted by ransomware operators since 2019 to coerce victims into paying ransoms. The leaked materials included screenshots of server folders allegedly accessed during the breach, a bank statement, insurance certificates, a driver’s license, and a cover letter for a proposal related to a Pentagon video-on-demand service. SeaChange’s client portfolio included major entities such as the BBC, Verizon, DISH, COX, and DirecTV, though the specific impact on these customers was not disclosed. Sodinokibi operators declined to disclose the ransom demand amount or the total volume of data exfiltrated when questioned by BleepingComputer, citing a policy of withholding victim details unless companies refused negotiations or payment.

The breach attracted attention due to the inclusion of a Pentagon-related document, prompting inquiries to the U.S. Department of Defense (DOD). A DOD spokesperson, Lt. Col. Robert Carver, stated on April 24, 2020, that the department would not comment on potential intrusions involving its networks or contractor systems, adhering to standard policy. SeaChange did not respond to multiple requests for comment from BleepingComputer regarding the alleged breach or the data samples published by Sodinokibi. The attackers’ publication of selective documents aligned with their established pattern of gradually releasing stolen data to intensify pressure on victims. No further technical details about the attack vector, encryption scope, SeaChange’s internal detection timeline, or containment measures were disclosed in available public reporting.