Bassett Furniture Industries, one of the largest furniture companies in the United States, faced a significant operational disruption following a ransomware attack discovered on July 10, 2024. The attack involved unauthorized access to the company’s systems, leading to the encryption of certain data files. In response, Bassett activated its incident response plan, which included shutting down some information technology systems. Consequently, the company had to halt operations at its manufacturing facilities, significantly impacting its ability to fulfill customer orders.
Despite the manufacturing shutdown, Bassett’s retail stores and e-commerce platform remain operational, allowing customers to place orders and purchase available merchandise. However, the company has acknowledged that its ability to fulfill these orders is currently hindered. Efforts are underway to restore affected systems and implement workarounds to minimize disruption. In a regulatory filing, Bassett stated that the attack “has had and is reasonably likely to continue to have a material impact on the Company’s business operations until recovery efforts are completed.” The company is still assessing whether the attack will have a substantial financial impact.
No ransomware group has come forward to claim responsibility for the attack as of now. The incident coincided with Bassett reporting a 17% decrease in revenue for the second quarter of 2024 compared to the previous year. With nearly 90 stores across the country, Bassett Furniture is a major player in the U.S. furniture market, making the attack’s impact particularly notable. The company’s prompt disclosure of the incident aligns with new SEC rules requiring the rapid disclosure of financially material cybersecurity incidents, which took effect in December for most companies.
The new SEC disclosure rules have sparked controversy and debate among companies and lawmakers, particularly regarding the definition of a “material cybersecurity incident.” Since the rules took effect, many companies have reported cyberattacks without acknowledging material impacts on their financial performance, even though subsequent disclosures have revealed significant financial losses due to incident recovery costs or operational disruptions. This week, both UnitedHealth and a car dealership company reported substantial financial impacts from cybersecurity incidents, underscoring the growing frequency and severity of such attacks in the business world. Bassett Furniture’s experience is a stark reminder of the critical need for robust cybersecurity measures and prompt incident response plans.
Reference:
