Volex, the British integrated maker of critical power and data transmission cables, confirmed this morning that intruders accessed data after breaking into its tech infrastructure.
The AIM-listed business said that it “enacted security protocols and took immediate steps to stop the unathorised access to its systems and data” as soon as the attack was noticed.
“Specialist, third party consultants have been engaged to investigate the nature and extent of the incident, and to implement the incident response plan,” the company added in the statement to investors.
Despite the incident, “all sites remain operational, with minimal disruption to global production levels, and the Group continues to trade with its customers and suppliers.” As such, the financial fallout from the breach is “not expected to be material.”
Volex produces power cords, plugs, connectors, electric vehicle charging components, consumer cable harnesses and power products, datacenter power cables, high speed copper interconnect cables, and more. It has production sites in eastern Europe and across Asia, and generated more than £720 million ($879 million) in revenue in the year to April 2 2023.
We have asked the company how the criminals broke in, how long they were inside, what alerted Volex to the intrusion, if a ransom was demanded, and if any malware was deployed.
Shares in Volex dipped by more than 3 percent off the back of today’s warning, something pointed out by Simon Chassar, chief revenue officer at infosec biz Claroty, which specializes in working with industrial, healthcare, and public sector organizations.
“Attacks such as this can result in global supply chains going down and months-long production delays, further impacting a company’s reputation and finances,” he told The Register.
“With this potential for reputational and financial damage, cyber-physical systems including OT, IIoT and ICS must be secured as they continue to remain a prime target for cybercriminals to cause as much disruption as possible.
Chassar added: “Patching procedures need to be in place to close critical vulnerabilities within cyber-physical systems, and network segmentation with asset class policies must be implemented to limit the movement of malware and protect critical assets.” ®