Cyberattack cost more than $17 million, Key Tronic tells regulators

A cyberattack discovered in May by the manufacturer Key Tronic has cost the company more than $17 million, according to a Friday regulatory filing. 

On May 6, the printed circuit board assembly fabricator first detected unusual activity on its servers, leading it to shut down operations in Mexico and the U.S. for two weeks “during remediation efforts.” 

The Black Basta ransomware group claimed the attack on its website and leaked what it claimed was sensitive Key Tronic data.  

On Friday, Key Tronic informed the Securities and Exchange Commission that it had incurred about $2.3 million of expenses connected to the cyberattack and “believes that it lost approximately $15 million of revenue during the fourth quarter.” The Spokane, Washington-based company says the orders are “recoverable” and can be fulfilled next year. 

Its fourth quarter revenue is expected to be $125 million, which is below previous estimates. Last year, it had revenues of more than $596 million. 

A recent report from IBM and the Ponemon Institute found the average cost of a data breach from March 2023 until February 2024 jumped to $4.88 million, up from $4.45 million the year before. 

The manufacturing sector is a frequent target of threat actors, with the forklift giant Crown Equipment reporting a ransomware attack in June and the U.K. manufacturing services company Volex reporting last October that hackers had gained access to its systems.