Bassett Furniture Industries has disclosed a major cyberattack that has severely disrupted its operations. The Virginia-based company revealed in a recent filing with the U.S. Securities and Exchange Commission (SEC) that it detected the breach on July 10, 2024. The Bassett Furniture data breach led to immediate shutdowns of several systems and halted manufacturing processes, posing serious challenges for the company’s business continuity.
“On July 10, 2024, Bassett Furniture Industries, Incorporated (the “Company”) detected unauthorized occurrences on a portion of its information technology (IT) systems,” reads the SEC filing.
Bassett Furniture Data Breach and Initial Response
Bassett detected unauthorized activity on its information technology (IT) systems on July 10, 2024. The company swiftly initiated its incident response plan, which involved taking immediate steps to contain the breach. This included shutting down affected systems to prevent further damage and initiating an investigation into the nature and scope of the attack.
According to the initial filing, the cyberattack disrupted Bassett’s business operations by encrypting some of its data files. As a precautionary measure, the company temporarily halted its manufacturing processes.
However, Bassett’s retail stores and e-commerce platform remained operational, allowing customers to place orders and purchase merchandise. Despite this, the company’s ability to fulfill orders was impacted due to the disruption of its manufacturing capabilities.
“As a result of the Company’s containment measures, which included shutting down some systems, the Company has not been, and, as of the date of this Report is not operating its manufacturing facilities. The Company’s retail stores and e-commerce platform are open, and customers are able to place orders and purchase available merchandise; however, the Company’s ability to fulfill orders is currently impacted,” reads the SEC filling further.
Ongoing Investigation and Business Impact
As the investigation into the Bassett Furniture cyberattack continues, Bassett stated that the full extent and impact of the attack are not yet known. The company has emphasized that, at this time, there is no evidence to suggest that personal information from consumers was compromised. Nonetheless, the incident has had a material impact on Bassett’s business operations, with potential ongoing effects as recovery efforts proceed.
The company is actively working to restore its affected IT systems and implement workarounds to mitigate disruption. Despite these efforts, the cyberattack is expected to continue affecting the company’s operations until the recovery process is complete.
Financial Implications and Restructuring Efforts
On the same day, Bassett disclosed the cyberattack, the company also reported its second-quarter earnings. The financial results reflected the strain on the business, with revenues decreasing by 17% year-over-year to $83.4 million. Bassett reported an operating loss of $8.5 million for the quarter, a significant decline from the operating profit of $2.5 million recorded in the same period last year.
In response to the financial pressures and operational challenges, Bassett announced a restructuring strategy aimed at realigning its business operations and addressing the issues exacerbated by the cyberattack. The company’s restructuring efforts are expected to play a crucial role in its recovery and long-term stability.
Cybersecurity Trends and Regulatory Changes
Bassett’s cyberattack highlights a growing trend in the design and manufacturing sectors, with high-profile companies like auction house Christie’s also falling victim to similar breaches. These incidents often come with ransom demands and represent a significant financial burden on affected businesses. The broader impact of such cyberattacks extends beyond immediate disruptions, costing American businesses billions annually.
The increased transparency around cybersecurity incidents may be attributed to recent regulatory changes. Late last year, the SEC implemented a new rule requiring publicly traded companies to disclose cyberattacks that could be material to investors. This rule aims to enhance accountability and provide investors with critical information about potential risks.
Companies such as Microsoft, Hewlett Packard, and now Bassett have adhered to this new disclosure requirement, bringing to light incidents that may have previously gone unreported. This shift towards greater transparency is crucial for stakeholders and investors, as it provides a clearer picture of the cybersecurity landscape and the risks companies face.
For now, Bassett continues to address the repercussions of the cyberattack while embarking on a restructuring strategy to stabilize and strengthen its operations in the face of adversity.