The intrusion took place last week, and hackers stole files from the company's network, encrypted files using ransomware, and are now threatening to release sensitive information on the dark web unless the company pays a hefty ransom demand.
ZDNet learned of the incident from a source last week and was also contacted today by the hackers, who reached out to share a link to the website where they plan to release ZHA data.
The hackers, who said they go by the name of Light (possibly the name of their ransomware variant), provided ZDNet with proof of having ZHA files in their possession.
These included payroll records, bank documents, files holding employee details, life insurance details, employee contracts, email inbox dumps, and more.
Other files included the SSL certificate for the Zaha-Hadid.com website and user account credentials for the company's Active Directory server.
The Light hacker gang told ZDNet that they intend to publish the data later today if the company does not pay the ransom demand.
The hackers said the company has refused to engage in any communications and ignored all their emails.
The hackers' statement is in line with a report from the Architects' Journal, which reported yesterday that ZHA contacted law enforcement as soon as it learned of the hack and refused to engage with the ransomware gang, working instead with a forensics firm to investigate the breach and restore from backups.
In a phone call today, ZHA admitted to the security breach but did not return an email seeking answers to additional questions.
A new ransomware gang that leaks stolen files
Since December 2019, it has become common practice for ransomware gangs to breach high-profile companies, steal data, encrypt the company's internal network, and post the stolen data on dark web portals as revenge if the company refuses to pay.
A list of all the ransomware gangs who engage in this practice is available here.
To ZDNet's knowledge, the Light gang appears to be a new ransomware group, which the group confirmed in an email.
According to the ID-Ransomware portal, security researchers are not yet aware of any ransomware strain going by the name of Light.