- Hasbro confirms cyberattack forcing temporary IT shutdown and containment measures
- Investigation ongoing into possible data theft; no group has claimed responsibility
- Company remains operational but warns interim measures may cause delays for several weeks
American toy and entertainment giant Hasbro has confirmed suffering a cyberattack which forced it to temporarily shut down parts of its IT infrastructure.
In a data breach notification filed with the US Securities and Exchange Commission (SEC) on April 1, Hasbro said that it identified unauthorized access to its network a few days prior.
“The company’s investigation is ongoing, and it is working diligently to resolve the matter and determine the full scope of impact,” Hasbro said. “The company has implemented and continues to implement business continuity plans to enable it to continue to take orders, ship product and conduct other key operations while it resolves this situation.”
Looking into data theft
After spotting the intrusion, Hasbro did the usual - activated its security incident response protocols, implemented ‘containment measures’ which included shutting down some systems, and brought in third-party cybersecurity experts to analyze the attack and assess the damage.
In a statement given to the BBC, Hasbro said it will continue working throughout the attack: "While this is an unfortunate incident, Hasbro's business operations remain open," a Hasbro spokesperson told the publication. "We have taken swift action to protect our systems and data," they added.
While Hasbro will remain operational, it will not be business as usual for the owners of Peppa Pig, Transformers, and Dungeons & Dragons. The “interim measures”, as it calls the downtime, will likely be in effect for “several weeks”, the company stated, stressing that this “may result in some delays
The company is also looking into potential data theft, and “will take additional actions as appropriate”, if it finds any. Those actions could include notifying affected individuals about incoming phishing attacks, and offering free credit and identity theft monitoring services.
So far, no threat actors claimed responsibility for the attack, Cybernews confirmed, therefore we don’t know if anyone demanded a ransom payment.
