Johnson Controls Investigated for Exposing Security Information in Massive Ransomware Attack

The Department of Homeland Security (DHS) is investigating whether a recent ransomware attack on government contractor Johnson Controls International has compromised sensitive physical security information, including DHS floor plans. Johnson Controls holds classified contracts for DHS that depict the physical security of many DHS facilities. The potential government shutdown adds urgency to determine the impact of the attack on DHS systems. The incident highlights the cybersecurity risks associated with working with private contractors for key government services. Ransomware gangs often target government contractors for their leverage in ransom negotiations. It is unclear if a ransom has been demanded in this case. Johnson Controls has hired external cybersecurity experts to recover from the attack, while DHS officials are also checking for any potential compromise of personally identifiable information.