American technological company Keytronic reported significant financial losses due to a ransomware attack earlier this year. The attack, which occurred in May, resulted in losses of over $17 million, as disclosed in a statement submitted to the US Securities and Exchange Commission (SEC) on Friday.
Keytronic, known for its expertise in the production of electronic devices and components, specializes in the assembly of printed circuit boards (PCBA). The company, which was established in 1969 as a manufacturer of keyboards and mice, has expanded its production capabilities over the years. KeyTronic currently operates production facilities in the USA, Mexico, China, and Vietnam, offering contract manufacturing services for various industries such as medicine, industrial equipment, and consumer electronics.
The cyber attack took place on May 6, resulting in disruptions at Keytronic’s facilities in Mexico and the United States, impacting business applications supporting company operations and functions. The incident incurred additional expenses of about $2.3 million and caused a loss of approximately $15 million in the fourth quarter. Keytronic anticipates recovering most of these losses in the 2025 financial year, with some expenses covered by a $0.7 million insurance compensation.
Following the attack in May, KeyTronic temporarily halted operations at its US and Mexico enterprises for two weeks to address the situation. The company also confirmed that personal data from its systems was compromised during the cyber breach.
Although KeyTronic did not attribute the attack to a specific group, the ransomware group Black Basta claimed responsibility for the breach in late May and published stolen company data, including employee information, financial and engineering documents, and corporate files.
Black Basta, operating under the Ransomware-as-a-Service (RAAS) model since April 2022, has targeted numerous high-profile victims, including the German defense contractor Rheinmetall, the American medical giant Ascension, and government contractors like ABB and Capita. The group has also attacked organizations such as the American Dental Association, the European Toronto Public Library, and Yellow Pages Canada.
According to reports from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), Black Basta has hacked over 500 organizations and extorted at least $100 million in ransom from more than 90 victims by November 2023.
Keytronic has not disclosed the extent of the impact on individuals affected by the data breach at this time.