2021-01-26 CARRIAGE SERVICES INC Cybersecurity Incident

Page last updated on April 11, 2024

CARRIAGE SERVICES INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-01-26 17:24:48 EST.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2021-01-25
Disclosure Date: 2021-01-26
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2021-01-26

CARRIAGE SERVICES INC filed an 8-K at 2021-01-26 17:24:48 EST
Accession Number: 0001016281-21-000019

Item 8.01 Other Events.

Carriage Services, Inc. (the “Company”) discovered on January 25, 2021 that its information technology (“IT”) system was affected by a cybersecurity incident. Upon learning of the incident, the Company undertook immediate steps to address the incident, including engaging IT security and forensics experts to assess the impact on the Company’s IT systems, implementing additional security measures to help prevent a similar incident in the future, and to prepare for its restoration, which is ongoing.

Based on the information available to the Company to date, the Company is not aware of any compromise, theft or public disclosure of confidential employee, customer, or vendor data or information.

The Company will continue to assess the full extent of any impacts from the incident and is focused on expeditiously completing its investigation with the assistance of the third-party experts it retained.

Security, in all its forms, remains a priority for the Company, and the Company will continue to seek to take all appropriate measures to safeguard the integrity of its IT infrastructure, data, and employee, customer and vendor information.

8-K filed on 2021-02-10

CARRIAGE SERVICES INC filed an 8-K at 2021-02-10 20:11:06 EST
Accession Number: 0001016281-21-000024

Item 8.01 Other Events.

As previously reported, on January 25, 2021, Carriage Services, Inc. (the “Company”) detected that its information technology (“IT”) system was affected by a ransomware attack. Upon learning of the incident, the Company undertook immediate steps to address the incident, including engaging IT security and forensics experts and working diligently with these experts to assess the impact on the Company’s IT systems, implement additional and enhanced security measures to help prevent a similar incident in the future, and to restore any of its IT systems that were impacted by the incident. The restoration of any impacted systems is complete.

Based on the Company’s assessment of the information currently known, the incident has not had, nor does the Company expect it will have, a material impact on the Company’s business, operations or financial results. As the Company works to conclude its forensic review process, it remains possible that personally identifiable information (“PII”) was accessed, and to the extent the Company confirms that any PII was accessed, the Company will notify those affected individuals in accordance with applicable laws.

Security, in all its forms, remains a priority for the Company, and the Company will continue to seek to take all appropriate measures to safeguard the integrity of its IT infrastructure, data, and employee, customer and vendor information.

Company Information