Toymaker Mattel — maker of Barbie and Ken dolls – was the victim of a ransomware attack last July on its information technology systems and data on a number of systems was encrypted.
The company said in a recent quarterly filing that it had contained the attack and although some business functions were temporarily impacted, the security team restored its operations. According to the filing, no sensitive business, retail customer, supplier, consumer, or employee data was exfiltrated.
Although Mattel carries cyber and business continuity insurance, the company said there’s no guarantee that costs incurred as a result of this or any future cyber events would be covered completely. The toymaker didn’t provide information on the nature of the ransom, such as whether the criminals wanted money only or also threatened to expose data.
"With the holiday season creeping up, there should be expectations that ransomware campaigns will increase,” said Brandon Hoffman, CISO at Netenrich. Most retailers depend heavily on online business, and adversaries view this as an opportunity to attack.
“If they can cripple systems during Black Friday, Cyber Monday, or other large shopping related events, organizations may be more willing to pay and get systems back online,” Hoffman continued. “It’s a matter of lost revenue for service availability versus the cost of the ransom.”