Keytronic, a prominent printed circuit board assembly (PCBA) manufacturer, recently confirmed a significant data breach. The breach occurred after the Black Basta ransomware gang leaked over 500GB of the company’s stolen data. In this blog post, we delve into the details of the breach, its impact, and Keytronic’s response.
The Breach Details
Attack Timeline
The breach came to light two weeks ago when Black Basta claimed responsibility for the attack. Keytronic had reported the cyberattack in an SEC filing over a month ago, on May 62.
Operational Disruption
The attack disrupted Keytronic’s operations, limiting access to critical business applications. As a result, the company had to shut down domestic and Mexico operations for two weeks to address the incident.
Stolen Data
The stolen data included sensitive information such as human resources, finance, engineering, and corporate data. Black Basta shared screenshots of employees’ passports, social security cards, customer presentations, and corporate documents2.
As required by new SEC criteria, the Company has also stated that the attack and loss of production will have a material impact on its financial position in the fourth quarter of 2024, ending on June 29.
Impact and Response
Personal Information Compromised: Keytronic confirmed that personal information was stolen during the breach. The threat actor accessed and exfiltrated limited data from the company’s environment, including personally identifiable information.
Financial Implications: The resulting production loss could impact Keytronic’s financial condition for the fourth quarter, which ends on June 29. The company incurred approximately $600,000 in expenses for external cybersecurity experts, with more costs anticipated.
Lessons Learned
The company has already spent around $600,000 on hiring external cybersecurity experts and expects to pay more. While Keytronic could not identify a specific threat group, the Black Basta ransomware organization claimed the attack two weeks ago, revealing what they claim is all of the stolen data.
The threat actors say that the attack stole human resources, finance, engineering, and business data, and they have shared photos of employee passports and social security cards, as well as customer presentations and company documents.
Black Basta Ransomware
The Black Basta ransomware operation began in April 2022 and is thought to be made up of former members of the Conti ransomware operation, which broke into smaller groups after it shut down.
Black Basta has since grown to be one of the biggest and most damaging ransomware operations, responsible for a large number of attacks, including those against Capita, Hyundai's European division, the Toronto Public Library, the American Dental Association, and, most recently, a ransomware attack on U.S. healthcare giant Ascension.
Between April 2022 and May 2024, a ransomware campaign breached 500 businesses and stole data from at least 12 out of 16 key infrastructure sectors, according to CISA and the FBI.
