What Happened
The Anubis ransomware group claimed to have stolen 170GB of data from AkzoNobel, the Dutch multinational paints and coatings manufacturer. The allegedly stolen data reportedly includes confidential agreements, email addresses, phone numbers, private emails, passport scans, and internal technical documents.
AkzoNobel confirmed to Bleeping Computer that hackers breached the network of one of its US sites. The company operates in over 150 countries with annual revenue exceeding $12 billion.
Timeline
- March 2026 — Anubis ransomware group claims to have breached AkzoNobel and stolen 170GB of data
- March 2026 — AkzoNobel confirms breach of one US site network to Bleeping Computer
Threat Actor Profile
Anubis is a ransomware group that has been active in targeting large multinational organisations. The group follows the now-standard double extortion model: encrypting systems while also exfiltrating data to use as leverage for ransom payment.
Impact and Risk Assessment
For Individuals
Employees or contacts whose passport scans were allegedly stolen face identity theft risk. Passport data combined with other personal details (email, phone number, address) provides a comprehensive identity package for fraud.
For Organisations
The alleged theft of confidential agreements and internal technical documents could expose AkzoNobel’s commercial relationships, intellectual property, and competitive positioning. For a company operating across 150 countries, even a breach limited to one US site may contain data with global business implications.
Regulatory Context
As a Dutch-headquartered company with operations across the EU and US, AkzoNobel faces notification obligations under GDPR for EU-resident data and state-level breach notification laws for US-resident data. The exposure of passport scans may trigger enhanced notification requirements under GDPR given the sensitivity of identity documents.
What Should You Do?
For Individuals
- If you are an AkzoNobel employee or business contact, be alert to phishing attempts that reference specific internal details, projects, or agreements.
- If your passport data may have been involved, consider monitoring for identity fraud and contacting your passport-issuing authority for advice.
For Security Professionals
- Review your organisation’s policies on storing passport scans and identity documents digitally. Apply data minimisation principles and consider whether scans need to be retained after initial verification.
- Ensure network segmentation limits the data accessible from any single site, particularly for multinational organisations where one compromised location could contain globally relevant data.
Learnings and Recommendations
Passport scans and identity documents stored digitally represent high-value targets that create significant identity theft risk when stolen. Organisations should minimise retention of identity document copies and apply enhanced encryption where retention is necessary.
Multinational manufacturers with operations across 150+ countries face complex breach response obligations when a single site is compromised, as the data at that site may implicate individuals and regulations across multiple jurisdictions.
References
[1] Privacy Guides – Anubis ransomware claims 170GB of AkzoNobel data — https://www.privacyguides.org/
[2] Bleeping Computer – AkzoNobel confirms breach of US site network — https://www.bleepingcomputer.com/