The incident came to light after the Anubis ransomware gang published data allegedly stolen from the company. In response, a spokesperson clarified that the breach was quickly contained and did not spread beyond the affected location.

“AkzoNobel has identified a security incident at one of our sites in the United States. The incident was limited to the respective site and was already contained,” the company told BleepingComputer. “The impact is limited, and we are taking the appropriate steps to notify and support impacted parties, and will work closely with relevant authorities.”

With a workforce of around 35,000 employees, AkzoNobel generates over $12 billion in annual revenue and operates across more than 150 countries. Its portfolio includes well-known brands such as Dulux, Sikkens, International, and Interpon.

The Anubis ransomware group claims it exfiltrated approximately 170GB of data, comprising nearly 170,000 files. It has also released sample materials on its leak site, including screenshots and file listings as proof of the breach.

According to the group, the leaked data contains sensitive information such as confidential contracts with major clients, contact details, internal communications, passport copies, testing documentation, and technical specifications.

So far, only a portion of the stolen data has been made public. The company has not disclosed whether it has engaged in any negotiations with the attackers.

Anubis operates under a ransomware-as-a-service (RaaS) model, which began in December 2024, offering affiliates a significant share—up to 80%—of ransom payments. The group expanded its reach in February 2025 by launching an affiliate initiative on underground forums, increasing its presence in cybercrime activities

Later in June 2025, the group introduced a destructive tool capable of permanently erasing victims’ data, making recovery efforts significantly more challenging