Breach taxonomy
Summary
On July 10, 2024, Bassett Furniture detected unauthorized access and encryption of data files (ransomware) on a portion of its IT systems. The company shut down systems as a containment measure, halting manufacturing facility operations. Retail stores and e-commerce remained open but order fulfillment was impacted. The incident was determined to have a material impact on business operations. No consumer personal information was believed to have been compromised.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsRansomware
Filing explicitly states the threat actor disrupted operations by encrypting some data files — consistent with ransomware.
AssetsRevenue Process
Filing describes encryption shutting down manufacturing facilities and impacting order fulfillment — core revenue-generating operations.
EffectsBiz Interruption
Manufacturing facilities were shut down and order fulfillment was impacted, with the company disclosing the incident has had and is reasonably likely to continue to have a material impact on business operations.
Business continuityFailed
Filing states manufacturing facilities are not operating and order fulfillment is impacted with material ongoing impact, indicating BCP could not prevent significant disruption → Failed.
Impact
Ransomware shut down manufacturing operations at a furniture manufacturer, causing material business interruption; retail and e-commerce continued but fulfillment was impaired.
InsuranceNot disclosed
Filing makes no mention of insurance.
Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. On July 10, 2024, Bassett Furniture Industries, Incorporated detected unauthorized occurrences on a portion of its information technology systems. Upon detecting the unauthorized occurrences, the Company immediately began taking steps to contain, assess and remediate the incident, including beginning an investigation, activating its incident response plan, and shutting down some systems. The threat actor disrupted the Company's business operations by encrypting some data files. As a result of the Company's containment measures, which included shutting down some systems, the Company has not been, and, as of the date of this Report is not operating its manufacturing facilities. The Company's retail stores and e-commerce platform are open, and customers are able to place orders and purchase available merchandise; however, the Company's ability to fulfill orders is currently impacted. The Company is working to bring the impacted portions of its IT systems back online and implement workarounds for certain offline operations with the aim of reducing disruption to its ability to serve its retail, e-commerce and wholesale customers. At this time, the Company does not believe personal information from consumers was compromised. As of the date of this filing, the incident has had and is reasonably likely to continue to have a material impact on the Company's business operations until recovery efforts are completed.