
Schneider Electric confirms a development platform breach after a hacker stole data



Schneider Electric has confirmed that a developer platform was hacked after a threat actor claimed to have stolen 40GB of data from the company's JIRA server.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms hosted in an isolated environment,” Schneider Electric told BleepingComputer.

“Our Global Incident Response team was immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”

Schneider Electric is a French multinational company that produces energy and automation products ranging from big-box household electrical components to corporate industrial control and building automation products.

Over the weekend, a threat actor known as “Grep” mocked the company on X and claimed to have penetrated its systems.

In a conversation with BleepingComputer, Grep said that they broke into Schneider Electric's Jira server with exposed credentials. After gaining access, they claimed to have used a MiniOrange REST API to scrape 400,000 lines of user data, which, according to Grep, included 75,000 unique email addresses and full names of Schneider Electric employees and customers.

In a post on a dark web site, the threat actor jokingly demands $125,000 in “baguettes” to keep the data from being leaked and shares more details about what was stolen.

“This breach compromised critical data, including projects, issues and plugins, along with over 400,000 lines of user data, totaling more than 40GB of compressed data,” reads a post on the extortion site Hellcat.

Post by a threat actor about Schneider Electric
Source: BleepingComputer

Grep told BleepingComputer that they recently formed a new hacking group, the International Contract Agency (ICA), named after the game Hitman: Codename 47. The threat actor says this group has not previously blackmailed the companies they breached.

However, after learning that the name “ICA” was associated with an “Islamic terrorist group,” the threat actors said they had rebranded themselves as the Hellcat ransomware gang and were currently testing an encryptor to be used in extortion attacks.

Grep told BleepingComputer that they are blackmailing Schneider Electric, demanding $125,000 not to reveal the stolen data and half of that if an official statement is released.

Earlier this year, Schneider Electric's Sustainability Business unit was targeted by a Cactus ransomware attack, in which the threat actors claimed to have stolen terabytes of data.

Update 11/5/24: The story has been updated to clarify that they have switched to the Hellcat name and are blackmailing Schneider Electric.
