OmniVision Confirms Hackers Made Off with Personal Data in 2023 Ransomware Incident

Image sensor maker OmniVision is sending letters to people whose data was caught up in a 2023 ransomware attack, offering advice on how to fend off fraud and social engineering attacks.

OnniVision, founded in 1995 by Aucera Technology by Chinese semiconductor giant Will Semiconductor, has some notable technological milestones under its belt, including the first-ever application-specific integrated circuit (ASIC) in 1999, and the Guinness World Record for the smallest commercially available imaging sensor, known as the CameraCubeChip.

“OmniVision Technologies (OVT) writes to inform you of a security incident that may have involved your personal information,” the letter reads. “While we have no evidence that any actual misuse of your personal information linked to this security incident has occurred, we are providing you with information about the incident and details related to what you may do to better protect your information, should you feel it necessary to do so.”

OVT says that, on Sept. 30, 2023, it discovered “a security incident that resulted in the encryption of certain OVT systems by an unauthorized third party.”

The company immediately hired cybersecurity experts to contain the incident, notified police, and launched an investigation.

“This in-depth investigation determined that an unauthorized party took some personal information from certain systems between September 4, 2023, and September 30, 2023,” the letter continues. “On April 3, 2024, after completion of this comprehensive review, we determined that some of your personal information was involved,” the digital imaging company reveals.

The personalized letter, shared by BleepingComputer, is redacted and doesn’t include the specific data compromised for each affected person.

However, according to the cyber news site, ransomware actors under the moniker “Cactus” took responsibility for the hack and leaked an archive containing passport scans, nondisclosure agreements, contracts, and confidential documents. In other words, the hack resulted in the theft of corporate and employee data. Notably, the hackers allegedly offered the data dump for free.

OVT has increased the number of monitoring solutions within its network to better detect suspicious activity and prevent a recurrence, the company says.

“We are also in the process of updating our security policies and procedures, migrating certain systems to cloud-based operations, and requiring additional security awareness trainings within our organization,” the letter adds.

The investigation produced no evidence suggesting that the compromised information has been fraudulently used, but OVT is nevertheless offering affected individuals complimentary credit monitoring and identity restoration services for 24 months.

The company also offers steps on how to mitigate fraud attempts and tells recipients to “be on guard for schemes where malicious actors may pretend to represent OVT or reference this incident.”

Affected individuals may want to consider a data monitoring service like Bitdefender Digital Identity Protection. DIP lets you instantly find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.

Bitdefender recently introduced Scamio, a free scam detector and prevention service for anyone with a Bitdefender account. Suspicious about a certain phone call, email, or SMS? Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check, such as a screenshot, PDF, QR code, or link. Scamio lets you know in seconds if it’s a sham.