Page last updated on August 21, 2024
KEY TRONIC CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-05-09 20:17:42 EDT.
Incident Details
Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date:
Detected Date: 2024-05-06
Disclosure Date: 2024-05-09
Contained Date: 2024-05-09
Recovered Date: 2024-06-14
Attack Goal: Unknown
Costs: $17.3M
- Lost revenue (Direct): $15M - As part of the closing process for the fourth quarter of fiscal year 2024, the Company has determined that, due to the cybersecurity incident, it was unable to fulfill approximately $15 million of revenue during the fourth quarter. Most of these orders are expected to be fulfilled in fiscal year 2025.
- Incident response (Direct): $2.3M - Aug 6, 2024 update: As part of the closing process for the fourth quarter of fiscal year 2024, the Company has determined that, due to the cybersecurity incident, it incurred approximately $2.3 million of additional expenses
June 14, 2024 update: The Company has also incurred, and may continue to incur, expenses related to the cybersecurity incident, including approximately $600,000 to date related to external cybersecurity experts.
Filings
8-K filed on 2024-05-09
KEY TRONIC CORP filed an 8-K at 2024-05-09 20:17:42 EDT
Accession Number: 0000719733-24-000015
Item 1.05 Material Cybersecurity Incidents.
On May 6, 2024, Key Tronic Corporation (the “Company”) detected unauthorized third party access to portions of its information technology (“IT”) systems. Upon detection of this outside threat, the Company activated its cyber incident procedure to investigate, contain, and remediate the incident, including beginning an investigation with external cybersecurity experts and notifying law enforcement. The incident has caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems. As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known, but based on the information reviewed to date, the Company believes the unauthorized activity has been contained and is working diligently to bring the impacted portions of its IT system back online.
As of the date of this filing, the Company does not believe the incident is reasonably likely to have a material impact on the Company, including its financial condition or results of operations.
8-K/A filed on 2024-06-14
KEY TRONIC CORP filed a 8-K/A at 2024-06-14 16:14:36 EDT
Accession Number: 0000719733-24-000035
Explanatory Note.
This Current Report on Form 8-K/A (this “Amendment”) amends, and should be read in conjunction with, the Current Report on Form 8-K previously filed by Key Tronic Corporation (the “Company,” “our” or “we”) with the Securities and Exchange Commission on May 10, 2024 (the “Original Report”).
Item 1.05 Material Cybersecurity Incidents.
As disclosed in the Original Report, on May 6, 2024, the Company detected unauthorized third party access to portions of its information technology (“IT”) systems (the “cybersecurity incident”). Upon detection of this outside threat, the Company activated its cyber incident response procedure to investigate, contain, and remediate the incident, including engaging external cybersecurity experts to help investigate the scope and impact of the cybersecurity incident and notifying law enforcement. The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.
As a precautionary measure, the Company halted domestic and Mexico operations for approximately two weeks during remediation efforts, but other international operations continued without disruption. As of the date of this filing, the Company’s operations and corporate functions have been restored, and we believe that the unauthorized third party no longer has access to the Company’s IT systems.
Since the date of the Original Report, the Company has determined that the threat actor accessed and exfiltrated limited data from the Company’s environment, which includes some personally identifiable information. The Company is in the process of providing appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.
The Company has also incurred, and may continue to incur, expenses related to the cybersecurity incident, including approximately $600,000 to date related to external cybersecurity experts. The Company believes that the impact to profit margins due to lost production for approximately two weeks in its domestic and Mexico operations and the incremental expense measures to recover from and remediate the cybersecurity incident will have a material impact on the Company’s financial condition and results of operations during the fourth quarter ending June 29, 2024.
8-K/A filed on 2024-08-06
KEY TRONIC CORP filed a 8-K/A at 2024-08-06 15:57:14 EDT
Accession Number: 0000719733-24-000047
Explanatory Note.
This Current Report on Form 8-K/A (this “Amendment”) amends, and should be read in conjunction with, the Current Report on Form 8-K filed by Key Tronic Corporation (the “Company,” “our” or “we”) with the Securities and Exchange Commission (the “SEC”) on May 10, 2024, as amended by Amendment No. 1 filed by the Company with the SEC on June 14, 2024 (the “Original Report”). The Company is filing this Amendment No. 2 to provide supplemental information regarding the material impact of cybersecurity incident (as defined below) on the Company.
Item 1.05 Material Cybersecurity Incidents.
As previously disclosed in the Original Report, on May 6, 2024, the Company detected unauthorized third party access to portions of its information technology (“IT”) systems (the “cybersecurity incident”). Upon detection of this outside threat, the Company activated its cyber incident response procedure to investigate, contain, and remediate the incident, including engaging external cybersecurity experts to help investigate the scope and impact of the cybersecurity incident and notifying law enforcement. The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.
As a precautionary measure, the Company halted domestic and Mexico operations for approximately two weeks during remediation efforts. After production was restarted, these locations returned to near capacity approximately another two weeks later. Other international operations continued production without material disruption from the cybersecurity incident. During the disruption of business, the Company continued to pay wages in accordance with statutory requirements. The Company also deployed new IT-related infrastructure and engaged cyber security experts to remediate the incident. The Company’s operations and corporate functions were restored in mid-June, and we believe that the unauthorized third party no longer has access to the Company’s IT systems.
Also as previously disclosed, the Company determined that the threat actor accessed and exfiltrated limited data from the Company’s environment, which includes some personally identifiable information. The Company is continuing the process of providing appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.
As part of the closing process for the fourth quarter of fiscal year 2024, the Company has determined that, due to the cybersecurity incident, it incurred approximately $2.3 million of additional expenses, and was unable to fulfill approximately $15 million of revenue during the fourth quarter. Most of these orders are expected to be fulfilled in fiscal year 2025.
Company Information
Name | KEY TRONIC CORP |
CIK | 0000719733 |
SIC Description | Printed Circuit Boards |
Ticker | KTCC - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company |
Fiscal Year End | June 28 |