Toymaker Mattel Discloses Ransomware Attack

Leading toymaker Mattel has publicly acknowledged a ransomware attack that affected its business systems earlier this year.

The maker of Barbie, Hot Wheels and Thomas & Friends toys discovered the security incident, which encrypted a limited number of its computer systems, on July 28, 2020, according to a 10-Q form filed with the US Securities Exchange Commission yesterday.

“Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems,” the company said.

Although the attack affected some business operations, Mattel’s security team cotnained it and fully restored systems before it could cause significant financial damages. Additionally, Mattel said the forensic investigation found no exfiltration of sensitive data.

“A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified,” Mattel added. “There has been no material impact to Mattel’s operations or financial condition as a result of the incident.”

The US-based toy manufacturer operates in 35 locations worldwide and holds an iconic portfolio of brands.

The quarterly report emphasized that, while Mattel has enforced processes and systems to protect personal information and prevent similar data breaches, they “do not provide absolute security.”

“Any failure or inadequacy of such systems or processes could have an adverse effect on Mattel’s business, financial condition, and results of operations,” the toymaker concluded. “While Mattel carries cyber and business continuity insurance commensurate with its size and the nature of its operations, there can be no guarantee that costs incurred as a result of cyber events will be covered completely.”