2021-12-30 Usio, Inc. Cybersecurity Incident

Page last updated on April 11, 2024

Usio, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-12-30 16:38:25 EST.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2021-12-25
Disclosure Date: 2021-12-30
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2021-12-30

Usio, Inc. filed an 8-K at 2021-12-30 16:38:25 EST
Accession Number: 0001437749-21-029509

Item 7.01 Regulation FD Disclosure.

On December 25, 2021, we detected a ransomware attack that accessed and encrypted a small portion of our information technology systems. The unauthorized access included the download of non-payment processing related data files from our externally hosted Office 365 environment which is separate from our payment processing environment. Throughout the incident, we remained operational.

Promptly upon the detection of the event, we launched an investigation, notified law enforcement, and engaged legal counsel, computer forensic firms and other incident response professionals. While the investigation of the incident is ongoing, we implemented a series of containment and remediation measures to address this situation and reinforce the security of our information technology systems. We are working with industry-leading cybersecurity firms to immediately respond to the threat, defend our information technology systems, and remediate the breach.

We are assessing the potential effect on our operations and financial results while actively managing the situation to limit its impact. Based on the information currently known to us, at this time we do not believe that the incident will have a material impact on our business, operations, or financial results.

We will continue to update our employees, customers, shareholders, and others on our progress in resolving this situation.

For further information regarding the risks associated with security incidents, please see “Risk Factors” in the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2020.

This information is “furnished” and not “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, or otherwise subject to the liabilities of that section. It may only be incorporated by reference in another filing under the Securities Exchange Act of 1934 or the Securities Act of 1933 only if and to the extent such subsequent filing specifically references the information incorporated by reference herein.

This report contains forward-looking statements. Forward-looking statements include, but are not limited to, statements that express our intentions, beliefs, expectations, strategies, predictions or any other statements related to its future activities or future events or conditions. The words “continue,” “will,” “believe,” “estimate,” “expect,” “intend,” “plan,” “expand,” “should,” “likely,” and similar expressions as they relate to us or our management are intended to identify these forward-looking statements. These statements are based on current expectations, estimates and projections about our business based, in part, on assumptions made by management. These statements are not guarantees of future performances and involve risks, uncertainties and assumptions that are difficult to predict. Therefore, actual outcomes and results may differ materially from what is expressed or forecasted in the forward-looking statements due to numerous factors, including risks related to the pandemic, a breach of the Company’s information technology systems, management of our growth, the loss of key resellers, the relationships with the Automated Clearinghouse network, bank sponsors, third-party card processing providers and merchants, the loss of key personnel, growing competition in the electronic commerce market, the security of the Company’s software, hardware and information, and compliance with complex federal, state and local laws and regulations, and other risks detailed from time to time in its filings with the SEC, including those risks discussed in the Company’s Annual Report on Form 10-K and in other documents that we file from time to time with the SEC. Any forward-looking statement speaks only as of the date as of which such statement is made, and, except as required by law, we undertake no obligation to update any forward-looking statement to reflect events or circumstances, including unanticipated events, after the date as of which such statement was made.

Company Information

NameUsio, Inc.
SIC DescriptionFunctions Related To Depository Banking, NEC
TickerUSIO - Nasdaq
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30