Atos Denies Data Breach Claims by Space Bears Ransomware Group

French digital transformation giant Atos is investigating claims made by the Space Bears ransomware group, which alleged on December 28, 2024, that it had compromised an Atos database and exfiltrated sensitive data. The company has released a security statement asserting that its initial investigation shows no evidence of a breach or ransomware attack affecting its systems, and no ransom demand has been received.

The claims originated from a post on the dark web extortion page operated by Space Bears, a ransomware group known for targeting organizations in various sectors. In their post, Space Bears disclosed what they claimed was a compromised “company database” from Atos. The post, which includes a countdown timer for the potential public release of the alleged data, suggested the group was preparing to auction or leak the information in about eight days.

Space Bears is part of a growing trend of ransomware groups that employ double-extortion tactics, where data is stolen before being encrypted, and threats are made to publicly release the stolen data if a ransom is not paid. However, Atos has stated that no ransom demand has been received so far.

Atos's response

Atos is a major global player in digital transformation, employing approximately 82,000 professionals and generating an annual revenue of around €10 billion. With leadership in cybersecurity and cutting-edge technologies, such as AI, advanced computing, and digital transformation services, Atos operates under two key business units: Tech Foundations, focused on hybrid cloud infrastructure and managed services, and Eviden, a next-generation business specializing in data-driven transformation and trusted digital technologies, supporting industries across 47 countries.

This significant market presence makes Atos a potentially high-value target for cybercriminals, particularly ransomware groups like Space Bears, which often seek out organizations with sensitive data and global influence.

In a formal security statement released yesterday, Atos addressed the allegations, stating:

“At this stage, the initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to date. Nevertheless, Atos takes such allegations very seriously. Its cybersecurity team is actively investigating the situation and updates will be provided if there is any change to the information above.”

Atos emphasized its commitment to cybersecurity, noting that it is a European leader in the field, with expertise spanning cloud services, high-performance computing, and decarbonization solutions. The company also highlighted its robust approach to securing the digital information space for its clients across 69 countries.

As Atos' cybersecurity team continues its investigation, the company has reassured clients and stakeholders that any new findings will be promptly communicated. For now, the claims remain unverified.