2024-05-09 KEY TRONIC CORP Cybersecurity Incident

Page last updated on July 16, 2024

KEY TRONIC CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-05-09 20:17:42 EDT.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2024-05-06
Disclosure Date: 2024-05-09
Contained Date: 2024-05-09
Recovered Date: 2024-06-14

Attack Goal: Unknown

Costs: $600K - $600K

Filings

8-K filed on 2024-05-09

KEY TRONIC CORP filed an 8-K at 2024-05-09 20:17:42 EDT
Accession Number: 0000719733-24-000015

Item 1.05 Material Cybersecurity Incidents.

On May 6, 2024, Key Tronic Corporation (the “Company”) detected unauthorized third party access to portions of its information technology (“IT”) systems. Upon detection of this outside threat, the Company activated its cyber incident procedure to investigate, contain, and remediate the incident, including beginning an investigation with external cybersecurity experts and notifying law enforcement. The incident has caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems. As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known, but based on the information reviewed to date, the Company believes the unauthorized activity has been contained and is working diligently to bring the impacted portions of its IT system back online.

As of the date of this filing, the Company does not believe the incident is reasonably likely to have a material impact on the Company, including its financial condition or results of operations.


8-K/A filed on 2024-06-14

KEY TRONIC CORP filed a 8-K/A at 2024-06-14 16:14:36 EDT
Accession Number: 0000719733-24-000035

Explanatory Note.

This Current Report on Form 8-K/A (this “Amendment”) amends, and should be read in conjunction with, the Current Report on Form 8-K previously filed by Key Tronic Corporation (the “Company,” “our” or “we”) with the Securities and Exchange Commission on May 10, 2024 (the “Original Report”).

Item 1.05 Material Cybersecurity Incidents.

As disclosed in the Original Report, on May 6, 2024, the Company detected unauthorized third party access to portions of its information technology (“IT”) systems (the “cybersecurity incident”). Upon detection of this outside threat, the Company activated its cyber incident response procedure to investigate, contain, and remediate the incident, including engaging external cybersecurity experts to help investigate the scope and impact of the cybersecurity incident and notifying law enforcement. The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.

As a precautionary measure, the Company halted domestic and Mexico operations for approximately two weeks during remediation efforts, but other international operations continued without disruption. As of the date of this filing, the Company’s operations and corporate functions have been restored, and we believe that the unauthorized third party no longer has access to the Company’s IT systems.

Since the date of the Original Report, the Company has determined that the threat actor accessed and exfiltrated limited data from the Company’s environment, which includes some personally identifiable information. The Company is in the process of providing appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.

The Company has also incurred, and may continue to incur, expenses related to the cybersecurity incident, including approximately $600,000 to date related to external cybersecurity experts. The Company believes that the impact to profit margins due to lost production for approximately two weeks in its domestic and Mexico operations and the incremental expense measures to recover from and remediate the cybersecurity incident will have a material impact on the Company’s financial condition and results of operations during the fourth quarter ending June 29, 2024.


Company Information

NameKEY TRONIC CORP
CIK0000719733
SIC DescriptionPrinted Circuit Boards
TickerKTCC - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndJune 28