Diversified Canadian software company Constellation Software confirmed on Thursday that some of its systems had been hacked by threat actors who also stole personal information and business data.

“The incident was limited to a small number of systems related to internal financial reporting and associated data storage by Constellation’s operating groups and businesses,” the company said. said.

“The IT systems independent of Constellation’s operating groups and businesses were in no way affected by this incident.”

Constellation added that it had contained the attack and had now restored all IT infrastructure systems affected by the incident.

Business partners and individuals whose information was stolen in the breach are also being contacted with further details regarding the attack.

“A limited amount of personal information of individuals has been affected by the Incident. A limited amount of business partner data of Constellation companies has also been affected,” the company added.

Constellation Software acquires, manages and develops software businesses through six operating groups: Volaris, Harris, Jonas, Vela Software, Perseus Group and Topicus.

The Canadian company has more than 25,000 employees in North America, Europe, Australia, South America and Africa, generating consolidated revenues exceeding $4 billion.

Constellation also provides services to 125,000 customers in over 100 countries and has acquired over 500 software vendors since 1995.

Attack claimed by ALPHV ransomware gang

While Constellation has yet to provide any information on who was behind the attack or how the threat actors gained access to its network, ransomware gang ALPHV (aka BlackCat) has added a new entry to its site. data breach claiming they breached the company’s network and stole more than 1TB of files.

The ransomware gang also threatens to release the stolen data if the company ignores the ransom demand and refuses to negotiate.

“We have been on your network for a long time and have had time to analyze your business. We have stolen more than 1TB of your confidential data. If you ignore or refuse the agreement, we will be forced to release all your data to the public “, said the gang.

Proof that they had access to and exfiltrated files from the Constellation network, ALPHV has already leaked documents containing commercial information online.

This ransomware operation was launched in November 2021 and we believe to be a new image of the DarkSide / BlackMatter gang.

It first gained notoriety as DarkSide after attack the colonial pipeline and immediately lands in the crosshairs of international law enforcement.

Even if they rebranded as BlackMatter a month later, in July 2021, they were forced to close again in November after the seizure of the servers of the operation and Emsisoft has created a decryptor by exploiting a weakness in the ransomware.

Currently, the ALPHV gang is considered to be one of the top ransomware threats targeting businesses around the world.

Last April, the Federal Bureau of Investigation (FBI) warned that ALPHV has “extensive networks and experience in ransomware operations” since they managed to break into more than 60 entities worldwide from November 2021 to March 2022.