Mattel, the maker of Barbie, Fisher-Price, and Hot Wheels toys, admitted that it suffered a ransomware attack on June 28, 2020. According to a 10-Q form filed with the Securities and Exchange Commission (SEC), the company said the attack “caused data on a number of systems to be encrypted.”
“Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations,” the company wrote.
The report is interesting precisely because the attack didn’t actually damage the company. Given that one single variant of the NetWalker ransomware nabbed $25 million from victims this year while another infection effectively killed a patient in a German hospital, the fact that Mattel skirted real damage is encouraging and/or lucky.
“A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified,” the company wrote. “There has been no material impact to Mattel’s operations or financial condition as a result of the incident.”
The U.S. saw 145.2 million ransomware attacks, a 139% increase year-over-year, according to security firm HelpNetSecurity. The most popular ransomware this year, Ryuk, attack 67.3 million machines alone, a massive number. A site called NoMoreRansom is aimed at helping companies like Mattel and others crack ransomware attacks before they become a real internal problem. Many, sadly, are beyond help without backups or lots of luck.