The Target: Printed circuit board assembly (PCBA) manufacturing firm Keytronic.
The Take: The cybergang claimed to have stolen financial documents, engineering data, human resources information, corporate data, and other types of data.
The Vector: The investigation into the attack, Keytronic said, has determined that limited data was accessed and exfiltrated from its environment, including personally identifiable information. The incident, the company said in a filing with the US Securities and Exchange Commission, occurred on May 6, and resulted in network disruptions.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.