KEY TRONIC CORP - (KTCC)
Date
Filing
8-K/A Filing Date: June 14, 2024
ITEM 1.05 MATERIAL CYBERSECURITY INCIDENTS
As disclosed in the Original Report, on May 6, 2024, the Company detected unauthorized third party access to portions of its information technology (“IT”) systems (the “cybersecurity incident”). Upon detection of this outside threat, the Company activated its cyber incident response procedure to investigate, contain, and remediate the incident, including engaging external cybersecurity experts to help investigate the scope and impact of the cybersecurity incident and notifying law enforcement. The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.
As a precautionary measure, the Company halted domestic and Mexico operations for approximately two weeks during remediation efforts, but other international operations continued without disruption. As of the date of this filing, the Company’s operations and corporate functions have been restored, and we believe that the unauthorized third party no longer has access to the Company’s IT systems.
Since the date of the Original Report, the Company has determined that the threat actor accessed and exfiltrated limited data from the Company’s environment, which includes some personally identifiable information. The Company is in the process of providing appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.
The Company has also incurred, and may continue to incur, expenses related to the cybersecurity incident, including approximately $600,000 to date related to external cybersecurity experts. The Company believes that the impact to profit margins due to lost production for approximately two weeks in its domestic and Mexico operations and the incremental expense measures to recover from and remediate the cybersecurity incident will have a material impact on the Company's financial condition and results of operations during the fourth quarter ending June 29, 2024.
Forward-Looking Statements. This Current Report contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These statements address the Company’s expectations or beliefs regarding future events, actions or performance, including the investigation, containment and remediation of the cybersecurity incident and the impact on the Company, including its financial condition and results of operations. Factors that could affect future developments and performance include the completion of the Company’s investigation, the possibility that containment and remediation may not be successful, the improper use of exfiltrated information and related regulatory proceedings or litigation and other risks and factors contained in the documents that the Company has filed with the Securities and Exchange Commission.
8-K Filing Date: May 10, 2024
ITEM 1.05 MATERIAL CYBERSECURITY INCIDENTS
On May 6, 2024, Key Tronic Corporation (the “Company”) detected unauthorized third party access to portions of its information technology (“IT”) systems. Upon detection of this outside threat, the Company activated its cyber incident procedure to investigate, contain, and remediate the incident, including beginning an investigation with external cybersecurity experts and notifying law enforcement. The incident has caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems. As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known, but based on the information reviewed to date, the Company believes the unauthorized activity has been contained and is working diligently to bring the impacted portions of its IT system back online.
As of the date of this filing, the Company does not believe the incident is reasonably likely to have a material impact on the Company, including its financial condition or results of operations.
Forward-Looking Statements. This Current Report contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These statements address the Company’s expectations or beliefs regarding future events, actions or performance, including the investigation, containment and remediation of the cybersecurity incident, the restoration of the Company’s IT system and the impact on the Company, including its financial condition and results of operations. Factors that could affect future developments and performance include the completion of the Company’s investigation, the possibility that containment and remediation may not be successful and other risk and factors contained in the documents that the Company has filed with the Securities and Exchange Commission.