Toymaker Mattel—maker of Barbie and Ken dolls – was the victim of a ransomware attack last July on its information technology systems and data on a number of systems was encrypted.
The company said in a recent quarterly filing that it had contained the attack and although some business functions were temporarily impacted, the security team restored its operations. According to the filing, no sensitive business, retail customer, supplier, consumer, or employee data was exfiltrated.
Although Mattel carries cyber and business continuity insurance, the company said there’s no guarantee that costs incurred as a result of this or any future cyber events would be covered completely. The toymaker didn’t provide information on the nature of the ransom, such as whether the criminals wanted money only or also threatened to expose data.
Colin Bastable, CEO of Lucy Security, said the attack probably came as a result of COVID-19 lockdowns that forced Mattel staff to work remotely where they are more readily distracted, less easy to monitor and more likely to fall for a cyber-attack.
“So the Mattel CISO and IT team did their job well, just like the frontline ‘ordinary heroes’ of the COVID-19 outbreak, as recognized by the Mattel Playroom #ThankYouHeroes action figure range,” Bastable said. “As for the hackers – they’ll be back in the never-ending cybersecurity fight from a basement far, far away.”
With the holiday season creeping up, there should be expectations that ransomware campaigns will increase,” Brandon Hoffman, CISO at Netenrich, said most retailers depend heavily on online business and adversaries view this as an opportunity to attack.
“If they can cripple systems during Black Friday, Cyber Monday, or other large shopping related events, organizations may be more willing to pay and get systems back online,” Hoffman said. “It’s a matter of lost revenue for service availability versus the cost of the ransom.”
The post Ransomware attack toys with Mattel systems, data appeared first on SC Media.