2024-07-05 Crimson Wine Group, Ltd Cybersecurity Incident

Page last updated on July 25, 2024

Crimson Wine Group, Ltd initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-07-05 16:10:30 EDT.

Company Summary

Crimson Wine Group is a brand that produces and supplies a range of wines.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2024-06-30
Detected Date: 2024-06-30
Disclosure Date: 2024-07-05
Contained Date:
Recovered Date: 2024-07-25

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2024-07-05

Crimson Wine Group, Ltd filed an 8-K at 2024-07-05 16:10:30 EDT
Accession Number: 0001562151-24-000030

Item 8.01 Other Events.

On June 30, 2024, Crimson Wine Group, Ltd. (the “Company”) determined that the Company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems of the Company. The Company currently believes that this unauthorized third party gained such access on June 30, 2024. Following detection of the incident, the Company initiated response protocols and launched an investigation, which remains ongoing.

The Company is in the early stages of its investigation and assessment of this incident. The full scope of the costs and related impacts of this incident has not been determined. The Company is unable to determine at this time whether the incident has had or will have a material impact on the Company’s operations.

8-K filed on 2024-07-25

Crimson Wine Group, Ltd filed an 8-K at 2024-07-25 17:27:01 EDT
Accession Number: 0001562151-24-000032

Item 1.05 Material Cybersecurity Incidents.

As previously disclosed on the Current Report on Form 8-K filed by Crimson Wine Group, Ltd. (the “Company”) on July 5, 2024 (the “Initial Report”), on June 30, 2024, the Company detected a cybersecurity incident in which an unauthorized third party gained access to certain information systems of the Company. Upon detection, the Company promptly initiated response protocols and began taking steps to contain, assess and remediate the cybersecurity incident, including launching an investigation with external cybersecurity experts. As the Company was in early stages of its investigation and assessment of the incident, it was unable to determine at the time of the Initial Report whether the incident had or will have a material impact on the Company.

On July 25, 2024, the Company determined that the cybersecurity incident has likely had a material impact on the Company’s business operations. The incident consisted of the third party’s unauthorized access to a portion of the Company’s internal information systems and the exfiltration of certain files, including files potentially containing sensitive personal information. The Company is still investigating the extent of any personal or otherwise sensitive information contained in the files acquired by the unauthorized third party, including if any personal information of customers was impacted. The Company intends to provide required notifications to affected and potentially affected parties and to applicable regulatory agencies. As part of its process to contain, assess and remediate the incident, the Company took measures, including shutting down certain of its systems, to isolate its operations from the Internet, which resulted in disruption to the Company’s business operations, despite the implementation of workarounds for certain offline operations, and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems. Although the Company has substantially restored its information systems and data that were impacted by the cybersecurity incident and has resumed normal business operations, it continues to assess operational impacts and evaluate additional measures to strengthen its surveillance of cybersecurity threats and to prevent unauthorized cybersecurity incidents on or conducted through its information systems and to strengthen its information backup protocols.

Although the Company has determined that the cybersecurity incident has likely had a material impact on the Company’s business operations, as of the date of this Current Report on Form 8-K, the Company believes that the cybersecurity incident has not had a material impact on the Company’s overall financial condition or results of operations. and the Company does not believe the cybersecurity incident is reasonably likely to materially impact the Company’s overall financial condition or results of operations. The Company believes it holds adequate cybersecurity insurance to offset a substantial portion of the costs of the cybersecurity incident; however, the Company may incur expenses and losses related to this incident that are not covered by insurance. To the extent the Company incurs future, material direct expenses or other losses as result of this cybersecurity incident, and those costs are not covered by insurance, the Company will report such material losses in the appropriate period.

The Company remains subject to various risks due to the cybersecurity incident, including potential litigation, changes in customer behavior, additional regulatory scrutiny, and the subsequent availability of, or increase in cost to the Company of, its insurance policy covering cybersecurity incidents.

Company Information