2021-04-14 AMTECH SYSTEMS INC Cybersecurity Incident

Page last updated on April 11, 2024

AMTECH SYSTEMS INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-04-14 17:50:10 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2021-04-12
Disclosure Date: 2021-04-14
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2021-04-14

AMTECH SYSTEMS INC filed an 8-K at 2021-04-14 17:50:10 EDT
Accession Number: 0001564590-21-018855

Item 8.01 Other Events.

On April 12, 2021, Amtech Systems, Inc. (together, the “Company,” “we,” “us,” or “our”) detected a data incident in which attackers gained access to and disabled some of the technology systems used by one of our subsidiaries.

Promptly upon its detection of the security event, the Company launched an investigation, engaged legal counsel, and retained incident response and technical professionals. While investigation of the incident is ongoing, the Company has implemented a series of containment and remediation measures to address this situation. The Company also is working with cybersecurity professionals to restore systems and enhance the overall security posture of this subsidiary’s information technology systems.

Based on its preliminary assessment, the Company believes the incident only affected this subsidiary and may delay the shipments of some products to customers. At this time, the Company does not believe that the incident affected the Company’s core corporate network or the networks of its other divisions and subsidiaries.

8-K filed on 2021-04-26

AMTECH SYSTEMS INC filed an 8-K at 2021-04-26 16:30:09 EDT
Accession Number: 0001564590-21-020546

Item 7.01 Regulation FD Disclosure.

On April 12, 2021, Amtech Systems, Inc. (together, the “Company,” “we,” “us,” or “our”) detected a data incident in which attackers acquired data and disabled some of the technology systems used by one of its subsidiaries. Upon learning of the incident, we immediately engaged external counsel and retained a team of third-party forensic, incident response, and security professionals to investigate and determine the full scope of this incident. Our investigation of the data incident is ongoing with the assistance from our outside professionals, and we are in the process of determining what data was affected and what customers or individuals require notice. We have notified law enforcement officials and confirmed that the incident is covered by our insurance.


Despite this disruption, production continued in our facilities. Our previously disabled subsidiary network is now back up and running securely. Working alongside our security professionals, we have been safely bringing our subsidiary’s systems online with enhanced security controls. We have deployed an advanced next generation anti-virus and endpoint detection and response tool, as well as Managed Detection & Response services. We remain committed to protecting the security of the personal information entrusted to us and providing high-quality products and service to our customers.

The information in this Current Report on Form 8-K shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934 (the “Exchange Act”), or otherwise subject to the liabilities of that section, nor shall it be deemed incorporated by reference in any filing under the Securities Act of 1933 or the Exchange Act, except as expressly set forth by specific reference in such a filing.

Company Information