Schneider Electric suffers data breach, exposing critical project and user data – Source: www.csoonline.com

A hacker group known as “Grep” has reportedly infiltrated Schneider Electric’s internal project tracking system, stealing about 40 GB of data in the latest cyberattack targeting the French multinational.

Grep, which has rebranded itself as the “Hellcat ransomware gang,” claimed it gained access to Schneider’s Atlassian Jira server using exposed credentials, allowing it to scrape 400,000 rows of sensitive user data.

The data reportedly includes names and email addresses of both employees and customers, alongside project files and other critical details.

The breach was disclosed through a public post on social media platform X, where the hackers demanded a ransom of $125,000, humorously framed as payment in “baguettes” to prevent data release.

“We have successfully breached Schneider Electric’s infrastructure, accessing their Atlassian Jira system,” the hacker’s social media post read. “To secure the deletion of this data and prevent its public release, we require $125,000 in Baguettes. Failure to meet this demand will result in the dissemination of the compromised information.”

“…its your choice Olivier,” the post added.

The message, directly addressed to “Olivier” — likely referring to Olivier Blum, who took over as CEO on the same day the breach was disclosed — warned of public data exposure if the ransom was not paid, adding a half-price discount on the condition Schneider publicly acknowledged the breach.

In response, Schneider Electric confirmed the incident.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” Schneider Electric said in a statement. “Our Global Incident Response team has been immediately mobilized to respond to the incident.”

The company reassured customers that its “products and services remain unaffected” and that investigations are underway.

A persistent security concern

This latest breach marks Schneider Electric’s third cybersecurity incident within two years, signaling a persistent cybersecurity challenge for the energy and automation giant. Earlier this year, Schneider’s “Sustainability Business” division was hit by a Cactus ransomware attack, which affected the Resource Advisor platform, a tool utilized by over 2,000 global customers to track energy and resource usage.

In a separate incident, Schneider was impacted by the Clop ransomware gang, exploiting the MOVEit vulnerability that has affected organizations globally.

Schneider’s repeated exposure to cybersecurity threats highlights the urgent need for reinforced security measures within its global infrastructure. As a leading player in energy management and automation, Schneider Electric’s significant presence in critical infrastructure sectors makes it an attractive target for cybercriminals seeking valuable data and high-impact vulnerabilities.

New leadership and mounting challenges

Although unrelated, the timing of this breach aligns with the leadership transition at Schneider Electric, where Olivier Blum has succeeded Peter Herweck as CEO. This dual occurrence underscores the critical mandate for Schneider’s new leadership: to both fortify its cybersecurity framework and steer strategic growth in high-stakes markets like data centers and energy management.

Blum’s immediate challenge will be to safeguard Schneider’s reputation and resilience in an increasingly digital landscape while addressing the vulnerabilities that have plagued the company’s security measures.

By bringing robust cybersecurity to the forefront of its agenda, Schneider’s leadership transition could mark a turning point in its approach to security — a necessity for a company with deep-rooted influence across industries undergoing digital transformation.