Page last updated on September 29, 2025
DATA I/O CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2025-08-21 17:20:05 EDT.
Company Summary
DATA I/O Corporation provides programming and security provisioning systems that enable manufacturers to program semiconductors, microcontrollers, and secure devices used in automotive, industrial, and consumer electronics.
Incident Details
Material: No
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date: 2025-08-16
Detected Date: Unknown
Disclosure Date: 2025-08-21
Contained Date: Unknown
Recovered Date: Unknown
Attack Goal: Unknown
Attack Tactics1: TA0001, TA0040
Attack Techniques1: T1195, T1486, T1133
Costs: $180K
- Non-itemized costs (Indirect): $180K
- Consulting costs (Indirect): Not Tracked (yet)
- System restoration (Indirect): Not Tracked (yet)
- Forensics (Indirect): Not Tracked (yet)
Filings
8-K filed on 2025-08-21
DATA I/O CORP filed an 8-K at 2025-08-21 17:20:05 EDT
Accession Number: 0001654954-25-009925
Item 1.05 Material Cybersecurity Incidents.
On August 16, 2025, Data I/O Corporation (the “Company”) experienced a ransomware incident (the “Incident”) on certain of its internal IT systems. Upon discovery, the Company promptly activated its response protocols, took steps to secure its global IT systems and implemented containment measures, including proactively taking certain platforms offline and implementing other mitigation measures. The Company also engaged leading cybersecurity experts to support the IT system recovery and conduct a comprehensive investigation. Based on the findings, the Company will take additional actions as appropriate, including notifying affected individuals and regulatory authorities in compliance with applicable laws.
The Company is working diligently to restore the affected systems. The Incident has temporarily impacted the Company’s operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions. While the Company has implemented measures to allow for the restoration of some operational functions, the timeline for a full restoration is not yet known. As the investigation of the Incident is ongoing, the full scope, nature, and impact are also not yet known.
As of the date of this filing, the Incident does not appear to have had a material impact on the Company’s business operations; however, the full scope and impact of this Incident is not yet known and could result in a future determination that the incident either was not or has been material to the Company’s financial statements and results of operations. The expected costs related to the Incident, including fees for our cybersecurity experts and other advisors, and costs to restore any impacted systems, are reasonably likely to have a material impact on the Company’s results of operations and financial condition.
8-K filed on 2025-09-10
DATA I/O CORP filed an 8-K at 2025-09-10 13:30:53 EDT
Accession Number: 0001654954-25-010613
Item 1.05 Material Cybersecurity Incidents.
As previously disclosed on August 21, 2025 in a Current Report on Form 8-K filed with the Securities and Exchange Commission (“SEC”), on August 16, 2025, Data I/O Corporation (the “Company”) experienced a ransomware incident (the “Incident”) on certain of its internal IT systems. Through ongoing discovery and investigation efforts, the Company has determined that the Incident was not targeted but originated as a vulnerability of a commercially available third-party firewall service provider. The Company engaged leading cybersecurity experts to support the IT system recovery and conduct a comprehensive investigation. Through dealing with this Incident, the Company has improved and strengthened its IT systems and based on the findings, the Company does not believe any additional actions are necessary.
As of the date of this filing, the Company has restored the affected systems and the Incident has been completely contained and remediated. The Incident temporarily impacted the Company’s operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions, which are fully operational as of the date of this filing. As of the date of this filing, it does not appear that any revenue has been lost as a result of the Incident. As of September 9, 2025, the estimated costs related to the Incident for remediation, restoration and investigation efforts are expected to total approximately $388,000 in expenses in the third quarter ending September 30, 2025 and will likely have a material impact on the Company’s results of operations and financial condition.
Item 7.01 Regulation FD Disclosure.
On September 4, 2025, the Company issued a press release entitled “Data I/O Issues Update on Cybersecurity Incident”, attached hereto as Exhibit 99.0.
Exhibit No. 99.0
Exhibit 99.0
Data I/O Issues Update on Cybersecurity Incident
All Systems Operational with No Impact to Customers or Orders
Redmond, WA, September 4, 2025 - Data I/O Corporation (NASDAQ:DAIO), the leading global provider of advanced security and data deployment solutions for microcontrollers, security ICs and memory devices, today provided an update on the recently announced cybersecurity incident.
William Wentworth, the Company’s President and CEO, stated, “We are pleased to report that the ransomware incident as first identified on August 16, 2025 has been completely contained and remediated. It was determined that the attack was not targeted but originated as a vulnerability of a commercially available third-party firewall service provider. With the breach being remediated, at present all our systems globally have been restored. We do not believe we have any risk exposure from the incident. After working diligently to restore the affected systems with leading cybersecurity experts, we believe our IT systems are now better protected than ever. Equally important is that our order flow from bookings to deliveries is on track and we believe no revenue has been lost as a result of the incident.
“The remediation, restoration and investigation efforts are expected to total approximately $180,000 in expenses in the third quarter ending September 30, 2025. However, on an annualized basis we have reduced about $300,000 from our spending through our ongoing efforts to optimize performance. Through dealing with this incident, we have dramatically improved our corporate processes and strengthened our IT systems for enhanced security and scalability. In the end, our business remains on course. We are grateful for the efforts and dedication of our global workforce and external advisors for their amazing response and recovery efforts.”
About Data I/O Corporation
Since 1972, Data I/O has developed innovative solutions to enable the design and manufacture of electronic products for automotive, Internet-of-Things, medical, wireless, consumer electronics, industrial controls and other electronics devices. Today, our customers use Data I/O’s data programming solutions and security deployment platform to secure the global electronics supply chain and protect IoT device intellectual property from point of inception to deployment in the field. OEMs of any size can program and securely provision devices from early samples all the way to high volume production prior to shipping semiconductor devices to a manufacturing line. Data I/O enables customers to reliably, securely, and cost-effectively bring innovative new products to life. These solutions are backed by a portfolio of patents and a global network of Data I/O support and service professionals, ensuring success for our customers. Learn more at dataio.com/Company/Patents.
Company Information
| Name | DATA I/O CORP |
| CIK | 0000351998 |
| SIC Description | Instruments For Meas & Testing of Electricity & Elec Signals |
| Ticker | DAIO - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | December 10 |