Hardware company Keytronic has confirmed a major data breach weeks after the Black Basta ransomware group leaked more than 500GB of data stolen from the company about two weeks ago.
The company, known for its printed circuit board assembly (PCBA), reported the cyberattack in a filing with the SEC more than a month ago, on May 6; The attack was believed to have disrupted Keytronic's operations, limiting access to business applications essential to corporate activities.
In its SEC filing, Keytronic detailed the impact of the breach, including a two-week shutdown of domestic and Mexican operations to address the incident. Although normal operations have resumed, the investigation confirmed that personal information had been stolen during the attack.
Keytronic confirms Black Basta attack
“Since the date of the Original Report, the Company has determined that the threat actor accessed and exfiltrated limited data from the Company's environment, including certain personally identifiable information,” a filing statement reads.
Keytronic is now notifying potentially affected parties and regulatory agencies.
In addition to the impact of the attack on personal data, Keytronic also disclosed that the resulting loss of production could impact its financial condition for the fourth quarter, which ends June 29. The company incurred about $600,000 in expenses for outside cybersecurity experts, and more costs are anticipated.
Although Keytronic has not named the attackers, Black Basta has claimed responsibility, claiming they stole human resources, finance, engineering and corporate data, sharing screenshots of sensitive information such as employees' passports and social security cards, presentations of clients and corporate documents.
TechRadar Pro has asked Keytronic to share more information and context, but we did not receive an immediate response.
