2020-11-03 GEO GROUP INC Cybersecurity Incident

Page last updated on April 11, 2024

GEO GROUP INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2020-11-03 16:00:55 EST.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2020-11-03
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2020-11-03

GEO GROUP INC filed an 8-K at 2020-11-03 16:00:55 EST
Accession Number: 0001193125-20-284748

Item 7.01 Regulation FD Disclosure.

On November 3, 2020, The GEO Group, Inc. (“GEO” or the “Company”) began the process of notifying current and former employees and will provide additional notifications as required by applicable state and federal law regarding a ransomware attack that impacted a portion of GEO’s information technology systems and a limited amount of data that contained personally identifiable information and protected health information. GEO promptly launched an investigation, engaged legal counsel and other incident response professionals, and notified its customers and law enforcement in response to the incident. GEO implemented a number of containment and remediation measures to address the incident, restore its systems and reinforce the security of its networks and information technology systems. The Company recovered its critical operating data and the incident has not had a significant impact on the Company’s business operations or its ability to perform the services required under GEO’s contracts with its government customers to care for the individuals entrusted to GEO’s facilities and programs. At this time, the Company is not aware of any fraud or misuse of information as a result of the incident. Based on its assessment and on the information currently known and obtained through the investigation of the incident, the Company does not believe the incident will have a material impact on its business, operations or financial results. The Company carries insurance, including cyber insurance, commensurate with its size and the nature of its operations.

The information set forth in Item 7.01 in this Form 8-K is being furnished and shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liabilities of that section. The information set forth in Item 7.01 in this Form 8-K shall not be incorporated by reference into any registration statement or other document pursuant to the Securities Act of 1933, as amended.

All statements in this Form 8-K that do not directly and exclusively relate to historical facts constitute “forward-looking statements.” These statements represent the Company’s intentions, plans, expectations and beliefs, and are subject to risks, uncertainties and other factors many of which are outside the Company’s control. These factors could cause actual results to differ materially from such forward-looking statements. For a written description of these factors, see the section titled “Risk Factors” in the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2019 and the Company’s Quarterly Reports on Form 10-Q for the quarter ended March 31, 2020 and June 30, 2020. The Company disclaims any intention or obligation to update these forward-looking statements whether as a result of subsequent events or otherwise, except as required by law.

Company Information