2023-03-02 ULTRALIFE CORP Cybersecurity Incident

Page last updated on April 11, 2024

ULTRALIFE CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-03-02 09:30:26 EST.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2023-01-25
Disclosure Date: 2023-03-02
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2023-03-02

ULTRALIFE CORP filed an 8-K at 2023-03-02 09:30:26 EST
Accession Number: 0001437749-23-005169

Item 8.01 Other Events.

During the Company’s fourth quarter earnings conference call on March 2, 2023, the Company announced the following:

On January 25, 2023, during performance of their daily, morning information technology security procedures, our Information Technology Team discovered an unauthorized entry into our information technology systems for our Newark, N.Y. and Virginia Beach locations. The accounts in question were immediately disabled by our IT Team, and the Company’s Information Security Committee met promptly, taking swift action, including the immediate notification of our cyber-security insurance carrier. Shortly thereafter, with assistance of recommendations from our cyber-security carrier, we engaged external incident response professionals to assist with our assessment, recovery and response. On February 7, the Company received an electronic communication allegedly from a third-party, known for nefarious ransomware attacks, claiming responsibility for the incident, and discussions with that third party commenced through experienced cyber-security professionals engaged by the Company.

This incident caused a partial disruption of our business operations at both locations, which resulted in production and shipping downtime of approximately two weeks. The Company has now restored its information technology systems, and production has been resumed in both locations. We do not believe that any other Company locations were affected by this incident, and these other locations have continued their normal operations. The full scope of the costs and related impacts of this incident on our first quarter 2023 results, including the extent to which the Company’s cyber-security insurance will offset the costs of the professionals we engaged and of the interruption to our business, is currently under review. The Company’s deductible for its cyber-security insurance is $100,000.

Based on the recovery of our systems, review of the files affected, as well as the Company’s prompt response to and assessment of the incident, no ransom or other amount has been or is expected to be paid to the third-party. We continue to monitor our information systems for any irregularities.

The information set forth in this Form 8-K and the attached exhibit is being furnished to and not filed with the Securities and Exchange Commission and shall not be deemed as incorporated by reference in any filing under the Securities Exchange Act of 1934, as amended, or the Securities Act of 1933, as amended, except to the extent specifically provided in any such filing.

Company Information