Keytronic Admits Data Breach Following Ransomware Attack

Threat Actor: Black Basta ransomware group | Black Basta ransomware group
Victim: Keytronic | Keytronic
Price: N/A
Exfiltrated Data Type: HR, Finance, Engineering documents, Corporate data, and home users data

Additional Information:

  • Keytronic confirmed a data breach after a ransomware group leaked allegedly stolen personal information from its systems.
  • The Black Basta ransomware group claims to have stolen approximately 530 GB of data from Keytronic.
  • The stolen data includes HR, Finance, Engineering documents, Corporate data, and home users data.
  • The breach caused disruptions and limitations of access to the company’s business applications supporting its operations and corporate functions.
  • The company has restored its operations and corporate functions and locked out the unauthorized third party.
  • Keytronic is notifying potentially affected parties and regulatory agencies.
  • The company has incurred $600,000 in expenses related to the cybersecurity incident to date.
  • Financial losses are greater due to lost production for approximately two weeks in its domestic and Mexico operations.

Keytronic has confirmed a data breach after a ransomware group leaked allegedly stolen personal information from its systems. The company did not provide any info on the ransomware operation that hit its network, however Black Basta ransomware group leaked over 500 gigabytes of data allegedly stolen from the company. Black Basta ransomware group claims to have stolen ≈530 GB of data, including HR, Finance, Engineering documents, Corporate data, and home users data.

On May 6, 2024, the company detected unauthorized access to portions of its information technology systems. Keytronic immediately launched an investigation into the incident with the help of external cybersecurity experts and notified law enforcement.

The company was forced to halt domestic and Mexico operations for approximately two weeks.

“The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.” reads the FORM 8-K/A filed with SEC. “Since the date of the Original Report, the Company has determined that the threat actor accessed and exfiltrated limited data from the Company’s environment, which includes some personally identifiable information.”

As of the date of the FORM 8-K filing, the company has restored its operations and corporate functions and locked out the unauthorized third party.

Keytronic is notifying potentially affected parties and regulatory agencies.

The company confirmed that it has already incurred $600,000 in expenses related to the cybersecurity incident to date. The bad news is that financial losses are greater due to lost production for approximately two weeks in its domestic and Mexico operations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Keytronic)



Original Source: https://securityaffairs.com/164642/data-breach/keytronic-blackbasta-ransomware.html