The company revealed the incident in a filing Wednesday (April 1) with the Securities and Exchange Commission (SEC), saying that it had uncovered a breach March 28, which led it to take some of its systems offline.
According to the filing, Hasbro’s investigation is ongoing—with the help of third-party cybersecurity professionals—and it is working to bring the matter to a close.
Hasbro added that it has “implemented and continues to implement business continuity plans to enable it to continue to take orders, ship product and conduct other key operations while it resolves this situation.”
“The need to run these interim measures may continue for several weeks before the situation is fully resolved and may result in some delays,” said the company, whose properties include My Little Pony, The Transformers, and games like Monopoly and Twister.
We’d love to be your preferred source for news.
Please add us to your preferred sources list so our news, data and interviews show up in your feed. Thanks!
A Wednesday report on the incident from TechCrunch said a spokesperson for Hasbro restated much of the information from the SEC filings, but declined to speak on the nature of the cyberattack, or if the company has gotten any notice from the hackers, like a ransom demand.
Advertisement: Scroll to Continue
The report also noted that hackers are increasingly targeting major companies to pilfer data and extort ransoms, but to also disrupt their operations in ways that can leave sustained financial damage.
As PYMNTS has written, these tactics include spear-phishing executives, compromising trusted third-party vendors and using insider knowledge to craft believable narratives.
TechCrunch cites the example of automaker Jaguar Land Rover, which suffered a cyberattack last year that shut down its production for months. That led the British government to administer a $1.5 billion bailout to keep the company afloat.
In other cybersecurity news, PYMNTS wrote last week about the evolving nature of zero-day vulnerabilities, the industry term for flaws unknown to vendors and therefore unpatched.
“Attackers are no longer relying solely on deep technical prowess to weaponize obscure bugs. Instead, they are integrating zero-days into broader campaigns that depend on user interaction,” that report said. “After all, exploiting a zero-day in isolation is costly, complex and often short-lived. “
But combining it with social engineering dramatically adds to its effectiveness and reach. A phishing email that goads a user into clicking a malicious link can act as the delivery mechanism “for even the most advanced exploit,” PYMNTS added.
Add as Preferred Source
