Cyber Incident Victim: MAS Holdings

Date: Apr 2020

Location: Sri Lanka

Summary

MAS Holdings, a major South Asian apparel manufacturer serving global brands, suffered a ransomware attack by the Nefilim group, resulting in significant data exfiltration. Sensitive information including financial records, employee details, and internal audit reports from PwC were compromised and publicly leaked in multiple stages. The breach exposed strategic partnerships and operational documents, with attackers releasing an initial dataset followed by a subsequent substantial leak. Cybersecurity researchers confirmed the authenticity of the stolen data, highlighting risks to supply chain security and corporate confidentiality.

Description

In April 2020, MAS Holdings, South Asia’s largest lingerie manufacturer and a supplier to major brands including Victoria’s Secret, Nike, and Lululemon, suffered a ransomware attack attributed to the Nefilim group. The attackers initially leaked a portion of the stolen data, then published a second 28GB leak on April 27, 2020. Compromised information included financial records, employee details, and findings from audits conducted by PwC, reflecting the theft of sensitive internal documents. MAS Holdings, which operated 53 manufacturing facilities across 17 countries with over 99,000 employees and reported $2 billion in revenue in 2018, had its global operations impacted, though the specific disruption to manufacturing or IT systems was not detailed in available sources. The breach exposed strategic partnership documents with entities such as Brandot International, MAST Industries, and Nike Inc., indicating corporate-level data exfiltration.

Cyble researchers independently verified the authenticity of the leaked data, confirming its scope encompassed financial and personnel records. No public statements from MAS Holdings regarding incident response, containment measures, or ransom negotiations were documented in the source material. The Nefilim group, which had previously targeted Brazilian conglomerate COSAN, leveraged the breach to publish data in two stages, suggesting ongoing extortion attempts. The incident highlighted risks to MAS Holdings’ supply chain, given its design hubs in New York, London, Hong Kong, and Colombo, though downstream impacts on partner brands were not disclosed. Cyble’s analysis provided third-party validation of the attack’s severity but did not elaborate on forensic findings or recovery timelines. The breach underscored vulnerabilities in large-scale apparel manufacturing networks, particularly given MAS Holdings’ diversified operations spanning IT services and industrial parks alongside core apparel production.
