2023-10-11 Simpson Manufacturing Co., Inc. Cybersecurity Incident

Page last updated on April 11, 2024

Simpson Manufacturing Co., Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-10-11 06:02:59 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2023-10-10
Detected Date:
Disclosure Date: 2023-10-11
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2023-10-11

Simpson Manufacturing Co., Inc. filed an 8-K at 2023-10-11 06:02:59 EDT
Accession Number: 0000920371-23-000167

Item 8.01 Other Events.

On October 10, 2023, Simpson Manufacturing Co., Inc. (the “Company”) experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident. After becoming aware of the malicious activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline. The Company is working diligently to respond to and address this issue. The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations.

The Company has engaged leading third-party cybersecurity experts to support its investigation and recovery efforts. The investigation to assess the nature and scope of the incident remains ongoing and is in its early stages.

8-K filed on 2023-10-19

Simpson Manufacturing Co., Inc. filed an 8-K at 2023-10-19 16:32:04 EDT
Accession Number: 0000920371-23-000173

Item 8.01 Other Events.

On October 10, 2023, Simpson Manufacturing Co., Inc. (the “Company”) announced that it had experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident. The Company identified unauthorized activity on some of its IT systems and took immediate steps to stop and remediate the activity, including taking certain systems offline and engaging leading third-party cybersecurity experts to assist with remediation and investigation of the incident. The Company also notified relevant law enforcement.

The incident caused wide scale disruption of the Company’s business operations for approximately three days. The unauthorized activity has been contained due to the steps the Company has taken to address the incident.

While no company can ever eliminate the risk of a cyberattack, the Company has taken, and will continue to take, appropriate steps, working with its third-party cybersecurity experts, to further harden its systems to protect against future incidents.

The Company has incurred, and may continue to incur, expenses to respond to, remediate, and investigate this matter. The full scope of future costs and related impacts of this incident, including the extent to which these costs may be offset by the Company’s cybersecurity insurance, has not been determined. Although the Company is unable to predict the full impact of this incident, the Company does not expect that it will have a material effect on the Company’s financial condition.

The Company’s investigation into the incident remains ongoing.

Company Information