The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites.

Following a data leak from the Anubis ransomware gang, a company spokesperson said that the intrusion has been contained and that the impact is limited.

“AkzoNobel has identified a security incident at one of our sites in the United States. The incident was limited to the respective site and was already contained,” the company told BleepingComputer.

“The impact is limited, and we are taking the appropriate steps to notify and support impacted parties, and will work closely with relevant authorities.”

AkzoNobel is a major paints and coatings company with 35,000 employees. It has an annual revenue exceeding $12 billion and active operations in over 150 countries. Brands under its corporate umbrella include Dulux, Sikkens, International, and Interpon.

Anubis ransomware claims to have stolen from AkzoNobel 170GB of data, almost 170,000 files, and leaked on its leak site samples that include screenshots of select documents and a list of the stolen files.

The published data contains confidential agreements with high-profile clients, email addresses and phone numbers, private email correspondence, passport scans, material testing documents, and internal technical specification sheets.

At the time of writing, the Anubis leak is only partial. AkzoNobel did not share with BleepingComputer any information on whether it engaged with the threat actor.

Anubis is a ransomware-as-a-service (RaaS) operation that launched in December 2024, offering affiliates 80% of the paid ransoms.

In February 2025, the operators launched an affiliate program on the RAMP forum, boosting its activity and influence in the cybercrime space.

In June the same year, Anubis added to its arsenal a data wiper that destroys the victim’s files to make recovery impossible.