Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data. The data stolen in these attacks can be damaging to a company as it commonly includes financials, trade secrets, unpublished reports, and emails. Many companies choose to sweep ransomware attacks under the rug and do not adequately disclose that personal data was stolen, even to employees who were affected. The denial of stolen data is not fair to employees as attackers could use their stolen personal information for identity theft and fraud.
Source: https://www.bleepingcomputer.com/news/security/companies-start-reporting-ransomware-attacks-as-data-breaches/