Crowe Foederer

Crowe Foederer, headquartered in the Netherlands, experienced a significant cybersecurity incident on 10 March 2022 when a ransomware attack targeted its internal systems. The attack was detected overnight, leading the organization to immediately isolate all internal systems from external networks as a containment measure to protect its stakeholders and operations. Concurrent with the technical investigation, the organization became aware that unrelated phishing emails were being circulated that falsely appeared to originate from Crowe Foederer, adding a layer of reputational risk to the technical breach. The primary focus of the subsequent investigation was directed toward restoring the affected systems and thoroughly assessing the full circumstances of the security breach. At the time of the initial public update, the investigation had not uncovered any evidence to suggest that the attacker had successfully exfiltrated data from the organization's environment. The company committed to providing further updates as the investigation progressed and indicated that direct communication would be initiated with any specific parties found to be impacted by the findings. During the recovery period, the organization established a dedicated contact channel for urgent inquiries related to the incident.

The incident response protocol emphasized containment and transparent communication, promising to inform stakeholders should the investigation determine that personal or sensitive information had been compromised. The public statement from the organization served both as an incident notification and as a warning to its contacts about the fraudulent phishing campaigns misusing its name. This dual challenge of managing a active ransomware incident while mitigating the secondary threat of phishing attacks targeting its reputation is a notable aspect of the event. The decision to isolate systems entirely from external networks underscores a prioritization of threat containment over immediate operational continuity. The explicit mention of communicating with impacted parties only if warranted by findings suggests a measured, evidence-based approach to disclosure. The provision of a specific contact number for urgent matters indicates an established crisis communication channel for such events. The source of this information is the organization's own official news platform, which published the update on the same day as the initial detection, reflecting a relatively prompt public response to the cybersecurity event.