Mattel has disclosed a mid-2020 ransomware attack, though it sounds like the toy maker successfully mitigated the malware attack.
Mattel performed a forensic investigation of the attack, but did not mention whether an MSSP (managed security services provider) or third-party cybersecurity company assisted the investigation.
Mattel shared some limited information about the attack in a 10-Q form filing with the SEC. The November 2020 statement said:
"On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations. A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified. There has been no material impact to Mattel's operations or financial condition as a result of the incident."
Meanwhile, Mattel's overall business has generated strong performance amid the coronavirus pandemic -- as parents apparently buy toys to occupy their kids during recent lockdowns. For the third quarter of 2020, Mattel's net sales were up 10 percent as reported, and up 11% in constant currency, versus the prior year’s third quarter, according to quarterly results announced on October 22, 2020.
