Page last updated on February 25, 2026
UFP TECHNOLOGIES INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2026-02-24 16:40:24 EST.
Incident Details
Material: No
Is Breach: Yes
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date: Unknown
Detected Date: 2026-02-14
Disclosure Date: 2026-02-24
Contained Date: Unknown
Recovered Date: Unknown
Attack Goal: Unknown
Attack Tactics1: TA0010, TA0001
Attack Techniques1: OTHER
Costs: Not Tracked (yet)
- Incident response (Indirect): Not Tracked (yet)
- Forensics (Indirect): Not Tracked (yet)
- System restoration (Indirect): Not Tracked (yet)
- Third-party costs (Indirect): Not Tracked (yet)
- Consulting costs (Indirect): Not Tracked (yet)
Filings
8-K filed on 2026-02-24
UFP TECHNOLOGIES INC filed an 8-K at 2026-02-24 16:40:24 EST
Accession Number: 0001628280-26-011152
Item 1.05 Material Cybersecurity Incidents.
On or about February 14, 2026, UFP Technologies, Inc. (the "Company") detected suspicious activity involving its information technology ("IT") systems. Upon detecting the issue, the Company began taking steps to assess, contain, and remediate the unauthorized activity, including isolating the affected systems and launching an investigation with the assistance of external cybersecurity advisors.
Through the Company's efforts, the Company believes that the third party responsible for this cybersecurity incident has been removed from the Company's IT systems, and the Company's ability to access information impacted by this incident has been restored in all material respects. The incident appears to have impacted many but not all of the Company's IT systems and affected functions such as billing and label making for customer deliveries. Certain Company or Company-related data appear to have been stolen or destroyed. As a result of the Company's contingency plans and data backup systems, the Company implemented planned solutions for the issues posed by the incident. The Company's operations have continued since the detection of the cybersecurity incident in all material respects.
Although the Company has ascertained that certain files were exfiltrated, it is still investigating the extent of any sensitive information contained in the accessed systems, including whether any personal information was exfiltrated. It is evaluating what legal and regulatory notifications and filings may be required as a result of this incident and will make such filings as are required based on its findings. The Company continues to investigate the nature and scope of the unauthorized access.
The Company currently expects that a significant portion of its direct costs incurred relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries.
As of the date hereof, the incident has not had a material impact on the Company's financial systems, operations or financial condition. While the Company's investigation and assessment of this incident is ongoing, as of the date of this filing, the Company believes its primary IT systems are operational in all material respects and the Company does not believe the incident is reasonably likely to materially impact the Company's financial condition or results of operations.
Company Information
| Name | UFP TECHNOLOGIES INC |
| CIK | 0000914156 |
| SIC Description | Surgical & Medical Instruments & Apparatus |
| Ticker | UFPT - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 31 |