Medusa ransomware group claims it compromised System Pavers’ internal systems

California-based construction company System Pavers admitted to suffering a serious data security incident not long after the Medusa ransomware group claimed that it stole confidential data from the company’s internal network.

 

Headquartered in Santa Ana, California, System Pavers is a residential construction company that provides outdoor flooring services. Since 1992, the company has been designing and building outdoor living elements that include hardscapes, turf, outdoor kitchens, BBQ islands, water features, fire features, patios, and driveways.

 

In a data security incident notice filed with the Office of Maine Attorney General, System Pavers said that on  October 4, it identified suspicious activity affecting systems within its internal network. 

 

The construction company said it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident, took steps to recover the affected systems and notified relevant law enforcement authorities about the incident.

 

“Through the investigation, we learned that an unauthorised actor accessed certain data between September 20, 2024 and October 4, 2024,” reads the notice. While the company is yet to share the number of affected individuals, it said that the compromised data included names and other personal identifiers. 

 

“While we have measures in place to protect information in our care, as part of our ongoing commitment to the privacy of information, we continue to review our policies, procedures and processes related to the storage and access of personal information to reduce the likelihood of a similar future event,” the company added.

 

System Pavers has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Experian all affected individuals.

 

In October, the Medusa ransomware group claimed responsibility for the cyber attack on system Pavers and listed it as a victim on its data leak site.

 

 

The group claimed to be in possession of confidential data and demanded a ransom of $1 million to be paid in a week, after which it threatened to leak the data. It’s not clear if the company paid a ransom to regain access to the stolen data.