Data I/O Experiences Ransomware Attack and System Outages
Summary
Data I/O, a tech manufacturer, has reported a ransomware attack that occurred on August 16, 2025 and affected its shipping, manufacturing, and production systems. The company activated its incident response protocols, including taking systems offline and implementing mitigation measures. As of August 21, 2025, the full scope and impact of the attack remain unknown, and the company is still working to restore affected systems. The attack has not yet been determined to have a material impact on the company's business operations, but the costs associated with the incident are expected to be significant. The company is conducting a third-party investigation and will notify affected individuals once the scope and impact are fully understood.
Timeline
- 26.08.2025 22:42 (1 article)
Data I/O Confirms Ransomware Attack on August 16, 2025
Data I/O, a tech manufacturer, reported a ransomware attack that occurred on August 16, 2025 and affected its shipping, manufacturing, and production systems. The company filed an 8-K form with regulators on August 21, 2025, confirming the attack. As of this filing, the full scope and impact of the attack remain unknown, and the company is still working to restore affected systems. A third-party investigation is underway to determine the scope and impact of the attack.
- Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
Information Snippets
- Data I/O is a tech manufacturer based in Redmond, Washington.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The ransomware attack occurred on August 16, 2025.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The attack prompted the company to take certain systems offline and implement mitigation measures.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- Systems affected include shipping, manufacturing, production, and other functions.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The company filed an 8-K form with regulators on August 21, 2025, confirming the attack.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- A third-party investigation is underway to determine the scope and impact of the attack.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The company has not yet notified affected individuals due to the unknown scope and impact.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The attack has not yet been determined to have a material impact on the company's business operations.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The expected costs related to the incident are reasonably likely to have a material impact on the company's results of operations and financial condition.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
- The company reported $5.9 million in sales in the last quarter, a decrease compared to the first quarter of 2025.
  First reported: 26.08.2025 22:42 (1 source, 1 article)
  - Data I/O Becomes Latest Ransomware Attack Victim — www.darkreading.com — 26.08.2025 22:42
Similar Happenings
Asahi Group Holdings Suffers Cyberattack Disrupting Japanese Operations
Asahi Group Holdings, Ltd., Japan's largest brewer, has suspended operations due to a cyberattack. The incident has affected ordering, shipping, customer service activities, and production at some of its 30 domestic factories in Japan. The attack began on September 29, 2025, at 7 a.m. local time. The company has not confirmed data leakage or ransom demands. Asahi Group Holdings is investigating the source of the disruption and working to restore impacted operations. The company operates four regional branches and holds significant market share in Japan and internationally. The attack has not affected operations outside of Japan. The nature of the cyberattack is unknown, but a system-wide outage suggests possible ransomware involvement.
Jaguar Land Rover Production Disrupted by Cyberattack
Jaguar Land Rover (JLR) is gradually resuming operations after a severe cyberattack that disrupted its systems and manufacturing plants. The UK government has provided a £1.5 billion loan guarantee to support JLR's supply chain, which has been greatly impacted by the shutdown. The attack, which occurred over the weekend, forced the shutdown of several systems, including those at the Solihull production plant. Customer data appears unaffected, but some data was stolen during the breach. This is the second cyberattack JLR has experienced this year, following a previous incident in March. JLR operates under Tata Motors India and produces over 400,000 vehicles annually, with a revenue exceeding $38 billion. The attack impacted the ability to register new cars and supply parts at service points in the UK. The specific type of attack and timeline for recovery remain unspecified. A group identifying as "Scattered Lapsus$ Hunters" has claimed responsibility for the attack, posting screenshots of an internal JLR SAP system on a Telegram channel and stating that they deployed ransomware on the company's compromised systems.
Pennsylvania Attorney General's Office Hit by Ransomware Attack
The Pennsylvania Attorney General's Office has confirmed a ransomware attack that began on August 11, 2025, lasting three weeks. The attack resulted in a service outage affecting the AG's website, email, and phone systems. The AG office refused to pay the ransom and is currently investigating the incident with other agencies. The impact includes disruptions to court proceedings, though the AG office assures that criminal prosecutions and investigations will not be affected. The extent of data exfiltration, if any, remains unknown. The AG's office has confirmed the use of file-encrypting ransomware and that the attack was carried out by an outsider attempting to extort payment. The AG office has not disclosed any details about the ransomware group responsible. Partial recovery of email and phone services has been achieved, with staff operating through alternate methods.
WhatsApp Zero-Day Exploited in Targeted Attacks
A zero-day vulnerability in WhatsApp (CVE-2025-55177) was exploited in targeted attacks against specific users, chained with a separate iOS flaw (CVE-2025-43300). The flaw allowed unauthorized users to trigger content processing from arbitrary URLs on targeted devices. Apple issued threat notifications to users targeted in mercenary spyware attacks, which included individuals based on their status or function, such as journalists, lawyers, activists, politicians, and senior officials. The attacks highlight the risks of chaining multiple vulnerabilities to compromise targets, emphasizing the need for comprehensive security measures. WhatsApp patched the issue and notified affected users. Apple has sent threat notifications multiple times a year since 2021, alerting users in over 150 countries, including a fourth campaign in France in 2025. The attacks began with the exploitation of the WhatsApp zero-day vulnerability, which was chained with an iOS flaw in sophisticated attacks. Apple has been issuing threat notifications to users targeted in these attacks, advising them to enable Lockdown Mode and seek emergency security assistance. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities, and the number of U.S. investors in spyware and surveillance technologies has increased significantly.
Russian Hackers Exploit Old Cisco Vulnerability to Target U.S. Critical Infrastructure
Russian hackers, tracked as Static Tundra and associated with the FSB's Center 16 or Military Unit 71330, have been exploiting a seven-year-old vulnerability (CVE-2018-0171) in unpatched end-of-life Cisco networking devices to target enterprise and critical infrastructure networks in the U.S. and abroad. The attacks, ongoing since at least August 2024, have compromised thousands of devices, allowing the attackers to collect configuration files, change settings, and gain unauthorized access. The U.S. Department of State is offering a reward of up to $10 million for information on three FSB officers involved in these cyberattacks. The targets include organizations in the manufacturing, telecommunications, higher education, and energy sectors. The attackers use stolen SNMP credentials to control compromised devices, enabling them to run commands, change settings, and steal configurations while evading detection. They also create new local user accounts and enable remote access services like Telnet to maintain access. The attacks highlight the persistent threat of unpatched vulnerabilities and the need for robust cybersecurity measures to protect critical infrastructure. The three FSB officers, Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov, targeted more than 380 foreign energy-sector companies in 135 countries. The suspects targeted American and foreign oil and gas firms, nuclear power plants, renewable energy firms, utility and electrical grid entities, consulting and engineering groups, and advanced technology companies. In August 2021, these officers were indicted in the US with charges of computer fraud and abuse, wire fraud, and aggravated identity theft. The Dragonfly campaign involved obtaining persistent access to victim networks and infecting them with the Havex malware through supply chain compromise. 
In the second phase, known as Dragonfly 2.0, the three allegedly targeted over 3,300 users at more than 500 US and international companies and entities, including US government agencies, in spear-phishing attacks.