Cadre Holdings, a leading provider of safety and survivability products, has disclosed a significant cybersecurity incident through a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC). The incident, which was detected on July 15, 2024, involved an unauthorized third-party gaining access to certain technology systems of the company.
Upon detection of the breach using its security tools, Cadre Holdings stated that it promptly activated its standard response protocols. These included an immediate containment effort, an ongoing assessment, and remediation of the incident. The company has also engaged external cybersecurity experts to aid in the investigation, activated its incident response plan, notified federal law enforcement, and preemptively took certain systems offline as a precautionary measure.
Cadre Holdings Security Breach in Detail
According to the company’s profile on Linkedin, Cadre Holdings was founded in 2021 and is headquartered in Jacksonville, Florida. The company describes itself as a global provider of safety & survivability products designed for first responders, federal agencies, outdoor recreation, and personal protection markets.
The company’s core products include body armor, explosive ordnance disposal equipment and duty gear. The highly engineered products are utilized in over 100 countries by federal, state and local law enforcement, fire and rescue professionals, explosive ordnance disposal teams, and emergency medical technicians. Key brands include Safariland and Med-Eng, amongst others. The company has around 5,000 employees including two associate members.
In its SEC filing, the company said, “On July 15, 2024, Cadre Holdings, Inc determined that the Company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems of the Company.
“Following detection of the incident with its security tools, the company immediately initiated its standard response protocols to contain, assess and remediate the incident, including beginning an investigation with outside experts, activating its incident response plan, notifying federal law enforcement, and taking certain systems offline in an abundance of caution,” it said.
Despite these immediate actions, Cadre Holdings mentioned that it was still in the preliminary stages of its investigation. Consequently, the full scope, nature, and potential impact of the cybersecurity breach remained undetermined. While the company said that certain operations have been affected, it is currently unclear whether the incident will have a material impact on the company’s financial condition or operational results.
The company has emphasized that it is working diligently to understand the breadth of the incident and to restore normal operations as swiftly as possible. The Form 8-K filing states, “The Company’s investigation and response remains ongoing.” It further notes that “the Company is unable to determine at this time whether the incident has had or is reasonably likely to have a material impact on the company’s financial condition or results of operations.”
In the Form 8-K filing, Cadre Holdings included a cautionary note regarding forward-looking statements. The company acknowledged that these statements are based on its current beliefs and expectations but could be subject to change as the investigation progresses. Factors that may influence the actual outcomes include the ongoing assessment of the cybersecurity incident and its potential legal, reputational, and financial repercussions.
While the nature of the accessed data remains unknown, the potential for compromised information regarding product design or vulnerabilities could have serious consequences. Cadre Holdings has assured its stakeholders of their commitment to transparency and will provide updates as the investigation unfolds. Cadre Holdings’ commitment to resolving the situation and minimizing any adverse impacts on its stakeholders is evident in its swift and comprehensive response. As the investigation continues, the company aims to enhance its cybersecurity measures to prevent future incidents.