The company, which is the owner of Wizards of the Coast (Dungeons & Dragons, Magic: The Gathering), Transformers, Peppa Pig, and more, revealed the incident to the US Securities and Exchange Commission (SEC) in a legally required disclosure.
In this, it revealed that it detected unauthorised access on 28 March, adding that it had to disable some of its systems to control the incident.
“Upon discovery, the company promptly activated its security incident response protocols, implemented containment measures, including proactively taking certain systems offline, and launched an investigation with the assistance of third-party cyber security professionals,” Hasbro said.
“The company’s investigation is ongoing, and it is working diligently to resolve the matter and determine the full scope of impact. The company has implemented and continues to implement business continuity plans to enable it to continue to take orders, ship product and conduct other key operations while it resolves this situation. The need to run these interim measures may continue for several weeks before the situation is fully resolved and may result in some delays.”
Hasbro said it is currently investigating to determine what data was impacted and who it belongs to, so that it can notify those affected if “necessary under applicable law”.
The nature of the cyber incident is currently unknown, nor has Cyber Daily observed any threat actors claiming responsibility for the incident.
Responding to TechCrunch, a Hasbro spokesperson denied comment on the nature of the incident or if the company had received communications from the hackers, but did say that Hasbro had “taken swift action to protect our systems and data”.
Speaking with Cyber Daily, Trevor Dearing, director of critical infrastructure solutions at Illumio, said that despite the incident, it was good to see Hasbro prepared for the worst.
“It’s really positive to see that Hasbro had business continuity plans in place, allowing the business to keep running even when systems are taken offline,” he said.
“Last year, we saw the significant impact on the retail industry when businesses have halted operations. Unlike many organisations, Hasbro has shown that having the right protocols and preparations in place means that a cyber incident doesn’t have to be a disaster.
“Security today is about knowing that breaches are inevitable, but disasters are optional. We need to see more of this kind of resilience, where essential services remain operational while the root cause is investigated and resolved. This realisation is key to maintaining trust and continuity during a cyber attack.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
