The California Office of the Attorney General disclosed a ransomware attack targeting Ascentium Corporation (operating as SMITH) on December 24, 2020, reported publicly on April 13, 2021. The incident compromised legacy employee data, exposing highly sensitive personal identifying information (PII), including names, Social Security numbers (SSNs), and other confidential records. The breach specifically affected internal employee data, though the exact number of impacted individuals remains undisclosed. The attack leveraged ransomware to encrypt and exfiltrate data, posing severe risks of identity theft, financial fraud, and long-term reputational harm to the company. Given the nature of the stolen information—core identifiers like SSNs—the breach carries high regulatory and legal repercussions, potentially triggering compliance violations under laws such as the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR) if applicable. The use of ransomware further escalates the threat, as attackers may demand payment for data recovery or threaten public disclosure. While the company has not confirmed whether a ransom was paid, the incident underscores critical vulnerabilities in legacy system security and the urgent need for robust cybersecurity measures to prevent similar exploits in the future.