Top toymaker Mattel revealed it was a victim of a ransomware attack that successfully encrypted some data and temporarily crippled a limited number of business functions. The disclosure was part of a U.S. Securities Exchange Commission (SEC) disclosure filed in late October.
Mattel reported the attack occurred on July 28, 2020 and that, for the most part, it was mitigated quickly and had a minimal impact on the company.
“Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations,” according to the company’s 10-Q regulatory filing with the SEC.
It’s unclear how the attack occurred, the malware used, threat actors behind the attack and strain of ransomware used by adversaries.
“A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer or employee data was identified. There has been no material impact to Mattel’s operations or financial condition as a result of the incident,” the company wrote.
The Mattel attack revelation represents the latest incident that is part of a string of reported ransomware incidents against large corporations and the healthcare industry. In April, IT services giant Cognizant reported it had been hit by the Maze ransomware group in a cyberattack that has caused service disruptions. In July, the same month Mattel was victimized by ransomware, cybersecurity researchers reported a sharp uptick in ransomware attacks. In North America, ransomware was up 105 percent, according to the report by SonicWall.
Recent ransomware attacks have also targeted the healthcare sector, as attackers look to exploit COVID-19 related stresses put on hospital infrastructures. Last week federal law enforcement officials sounded the alarm and issued a dire warning of more ransomware attacks to come.
As for Mattel, it is downplaying the impact of the ransomware attack it fended off, explaining no “sensitive business data or retail customer, supplier, consumer, or employee data” was exposed or extorted as a result of the attack.
“While Mattel carries cyber and business continuity insurance commensurate with its size and the nature of its operations, there can be no guarantee that costs incurred as a result of cyber-events will be covered completely,” it said.
Hackers Put Bullseye on Healthcare: On Nov. 18 at 2 p.m. EDT find out why hospitals are getting hammered by ransomware attacks in 2020. Save your spot for this FREE webinar on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this LIVE, limited-engagement webinar.