2021-05-03 SmileDirectClub, Inc. Cybersecurity Incident

Page last updated on April 11, 2024

SmileDirectClub, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-05-03 16:21:04 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2021-04-14
Detected Date:
Disclosure Date: 2021-05-03
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2021-05-03

SmileDirectClub, Inc. filed an 8-K at 2021-05-03 16:21:04 EDT
Accession Number: 0001775625-21-000051

Item 8.01 Other Events.

On May 3, 2021, SmileDirectClub, Inc. (the “Company”) announced that it experienced a systems outage that was caused by a cybersecurity incident on April 14, 2021 (the “Incident”). The Company promptly implemented a series of containment and remediation measures to address the Incident, including temporarily isolating and shutting down affected systems and related manufacturing operations. The Company immediately mobilized its internal engineering security team and has engaged leading forensic information technology firms to assist the Company’s investigation into the Incident. As a result of these efforts, the Company was able to successfully block the attack, no ransom was paid, and the Company’s systems and operations are back online and performing normally.

Since the date of the Incident, the Company has been, and is, actively managing the Incident and, in consultation with its third-party advisors, investigating and seeking to understand and quantify the impact on the Company, its business operations and financial results. At this time, the Company is not aware of any data loss from, or other loss of assets as a result of, the Incident, including any exposure of customer or team member information. The Incident, however, has caused, and may continue to cause, delays and disruptions to parts of the Company’s business, including treatment planning, manufacturing operations, and product delivery. While the Company maintains insurance coverage for certain expenses and potential liabilities that may be associated with the Incident, and the Company plans to pursue coverage for all applicable expenses and liabilities, at this time, the Company expects that the Incident may have a material impact on its business operations and financial results in the second quarter.

Accordingly, while it is too early to assess the full impact of the Incident on the second quarter of 2021, the Company now expects second quarter 2021 revenue to be approximately $195 - $200 million, and Adjusted EBITDA to be approximately break-even. These estimates reflect an approximately $10 - $15 million revenue impact in the quarter from the cyber-attack and the associated downtime in treatment planning and manufacturing.

For the first quarter 2021, the Company is expected to announce the following:

First Quarter 2021 Financial Highlights

Company Information

NameSmileDirectClub, Inc.
SIC DescriptionDental Equipment & Supplies
CategoryAccelerated filer
Fiscal Year EndDecember 30