PCBA manufacturing giant Keytronic has suffered a significant data breach after the Black Basta ransomware gang leaked 530GB of the company’s stolen data. Keytronic, initially known for manufacturing keyboards and mice, is now one of the largest producers of printed circuit board assemblies (PCBA). The company disclosed the cyberattack in an SEC filing, revealing that it occurred on May 6 and disrupted operations, limiting access to crucial business applications.
Following the attack, Keytronic had to shut down its domestic and Mexico operations for two weeks to respond to the breach, although normal operations have now resumed. The company’s investigation confirmed that the threat actors accessed and exfiltrated limited data, including personally identifiable information. Keytronic is in the process of notifying affected parties and regulatory agencies as required by law.
The financial impact of the breach is expected to be significant, with the company already incurring approximately $600,000 in expenses related to hiring external cybersecurity experts. These costs are anticipated to continue as the company addresses the fallout from the attack. The SEC filing also indicated that the attack would materially affect Keytronic’s financial condition during the fourth quarter ending June 29, 2024.
The Black Basta ransomware gang, believed to consist of former members of the Conti ransomware operation, has claimed responsibility for the attack. This group has been involved in numerous high-profile attacks, including those against Capita, Hyundai’s European division, and the American Dental Association. According to recent reports, Black Basta has breached 500 organizations between April 2022 and May 2024, extorting over $100 million in ransom payments from over 90 victims.
