2024-07-15 BASSETT FURNITURE INDUSTRIES INC Cybersecurity Incident

Page last updated on August 21, 2024

BASSETT FURNITURE INDUSTRIES INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-07-15 16:59:07 EDT.

Company Summary

Bassett Furniture is U.S.A’s leading furniture portal with stores in more than 50 cities. They also develop mobile applications to help control certain furniture.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2024-07-10
Disclosure Date: 2024-07-15
Contained Date: 2024-07-10
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2024-07-15

BASSETT FURNITURE INDUSTRIES INC filed an 8-K at 2024-07-15 16:59:07 EDT
Accession Number: 0001437749-24-022743

Item 1.05 Material Cybersecurity Incidents.

On July 10, 2024, Bassett Furniture Industries, Incorporated (the “Company”) detected unauthorized occurrences on a portion of its information technology (IT) systems. Upon detecting the unauthorized occurrences, the Company immediately began taking steps to contain, assess and remediate the incident, including beginning an investigation, activating its incident response plan, and shutting down some systems. The threat actor disrupted the Company’s business operations by encrypting some data files. As a result of the Company’s containment measures, which included shutting down some systems, the Company has not been, and, as of the date of this Report is not operating its manufacturing facilities. The Company’s retail stores and e-commerce platform are open, and customers are able to place orders and purchase available merchandise; however, the Company’s ability to fulfill orders is currently impacted. The Company is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail, e-commerce and wholesale customers. At this time, the Company does not believe personal information from consumers was compromised. The Company continues to work diligently to respond to and mitigate the impact from the incident.

As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known. As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the Company’s business operations until recovery efforts are completed. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

8-K/A filed on 2024-08-05

BASSETT FURNITURE INDUSTRIES INC filed a 8-K/A at 2024-08-05 17:48:39 EDT
Accession Number: 0001437749-24-024679

Item 1.05 Material Cybersecurity Incidents.

As disclosed in the Original Report, on July 10, 2024, Bassett detected unauthorized occurrences on a portion of its information technology (IT) systems. Upon detecting the unauthorized occurrences, Bassett immediately began taking steps to contain, assess and remediate the cyber incident, including beginning an investigation with leading external cybersecurity specialists, activating its incident response plan, and shutting down some systems. As a result of these and other measures, and while Bassett’s investigation and remediation efforts remain ongoing, Bassett believes the threat actor was ejected from Bassett’s IT systems on July 10, 2024.

As of the date of this Amendment, Bassett-operated retail stores, e-commerce site, manufacturing facilities and distribution centers are operating. After Bassett shut down some of its systems, Bassett experienced disruption to certain of its operations, including interrupted manufacturing at Bassett’s domestic plants and delayed order fulfillment for its retail network and delay of some wholesale shipments. Since the filing of the Original Report, Bassett resumed retail order fulfillment and caught up on fulfilling wholesale orders that were delayed as a result of the cyber incident.

Since the filing of the Original Report, Bassett has restored the IT systems and data that were impacted by the cyber incident, and continues to work through minor operational impacts. Bassett’s investigation has not found evidence that any of Bassett’s core operating systems for manufacturing, wholesale and retail order processing and fulfillment, or financial reporting were impacted.

As of the date of this Amendment, Bassett believes the impacts of the cyber incident are not, and are not reasonably likely to be, material to its financial condition and results of operations for the fiscal year. Bassett will be seeking reimbursement of costs, expenses and losses stemming from the cyber incident by submitting claims to Bassett’s cybersecurity insurers. The timing and amount of any such reimbursements is not known at this time.

Company Information