2021-08-19 ALJ REGIONAL HOLDINGS INC Cybersecurity Incident

Page last updated on April 11, 2024

ALJ REGIONAL HOLDINGS INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-08-19 12:03:01 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2021-08-18
Disclosure Date: 2021-08-19
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2021-08-19

ALJ REGIONAL HOLDINGS INC filed an 8-K at 2021-08-19 12:03:01 EDT
Accession Number: 0001564590-21-045119

Item 8.01 Other Events.

On August 18, 2021, Faneuil, Inc. (“Faneuil”), a wholly owned subsidiary of ALJ Regional Holdings, Inc. (the “Company”), detected a ransomware attack that accessed and encrypted certain files on servers utilized by Faneuil in the provision of its call center services.

Promptly upon our detection of the security event, Faneuil launched an investigation and engaged legal counsel and other incident response professionals. Faneuil is in the process of notifying law enforcement. While the investigation of the incident is ongoing, we are implementing a series of containment and remediation measures to address this situation and reinforce the security of our information technology systems. We are working with industry-leading cybersecurity professionals to immediately respond to the threat, defend our information technology systems, and conduct remediation.

Although we are actively managing this security event, such event has caused, and may continue to cause, disruption to parts of Faneuil’s business, including certain aspects of its provision of call center services. As we are in the early stages of our investigation and assessment of the security event, we cannot determine at this time whether or not such event will have a material impact on our business, operations or financial results. We carry insurance, including cyber insurance, commensurate with the size and the nature of our operations. We cannot be sure that our insurance provider will provide coverage for this event, or if so, the extent of such coverage. Further, while we are communicating with our customers regarding this disruption, we cannot guarantee that our customer relationships will not be harmed as a result of this event. In addition to these risks and other information set forth in this report, one should carefully consider the discussion on the other risks and uncertainties that cybersecurity incidents and operation disruptions to key facilities may have on us and our subsidiaries, including Faneuil, contained in Part I, “Item 1A. Risk Factors” in our Annual Report on Form 10-K for the year ended September 30, 2020, filed with the SEC on December 18, 2020, and in our subsequent filings with the SEC.

The information in this Item 7.01 of this Current Report on Form 8-K shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liabilities of that section or Sections 11 and 12(a)(2) of the Securities Act of 1933, as amended. The information contained in this Item 7.01 shall not be incorporated by reference into any filing with the SEC made by the Company, whether made before or after the date hereof, regardless of any general incorporation language in such filing.

Company Information