Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

BK Technologies Corporation Unknown (2025) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

BK Technologies Corporation · BKTI

Information TechnologyUSAIncident September 20, 2025Filed October 6, 2025

Impact score

Business continuity

Effective

Insurance involved

Yes

Filing

8-K · 8.01

Breach taxonomy

UnknownData ExfilPersonal DataInfo Privacy Loss

Summary

On approximately September 20, 2025, BK Technologies Corporation detected suspicious activity involving its IT systems and launched an investigation with external cybersecurity advisors. A limited number of non-critical systems experienced minor disruption; the unauthorized third party was confirmed removed and access restored. The investigation indicated an unauthorized party may have obtained non-public information including records pertaining to current and former employees. The company expects a significant portion of direct costs to be reimbursed through insurance. Filed under Item 8.01; materiality not yet determined as of filing date.

Tagging rationale

ThreatUnknown

Filing does not attribute the incident to a specific actor → UNKNOWN.

MethodsData Exfil

Filing confirms an unauthorized third party 'obtained access to and acquired non-public information' from the company's IT systems → DATA-EXFIL.

Assets

Personal Data

Filing states an unauthorized party may have obtained non-public information including 'records pertaining to current and former employees' → PERSONAL-DATA.

EffectsInfo Privacy Loss

Unauthorized access to employee records with regulatory notifications and notice to affected parties intended → INFO-PRIVACY-LOSS.

Business continuityEffective

Filing states 'the Company's ability to access information impacted by this incident has been restored' and 'operations have continued throughout the period... in all material respects' → Effective.

Impact

Potential access to current and former employee records at a small communications equipment company; contained quickly with operations uninterrupted and insurance expected to cover significant portion of costs → score 2.

InsuranceYes

Filing states 'the Company currently expects that a significant portion of its direct costs incurred relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries' → true.

Read the original SEC filing excerpt

Item 8.01 Other Events. On or about September 20, 2025, BK Technologies Corporation (the Company) detected potentially suspicious activity involving its information technology (IT) systems. Upon detecting the issue, the Company began taking steps to assess, contain, and remediate the potentially unauthorized activity, including isolating the affected systems and launching an investigation with the assistance of external cybersecurity advisors. As a result of the incident, a limited number of non-critical systems experienced minor disruption. However, through the Company's remediation efforts, the Company believes that the third party responsible for this incident has been removed from the Company's IT systems, and the Company's ability to access information impacted by this incident has been restored. The Company's operations have continued throughout the period since the detection of the cybersecurity incident in all material respects. As part of the Company's investigation into this incident, it appears that an unauthorized third-party may have obtained access to and acquired non-public information within the Company's custody and control, which potentially includes records pertaining to current and former employees. The Company continues to investigate the nature and scope of the unauthorized access. The Company has notified law enforcement about this incident and intends to, as appropriate, furnish notice of this incident to affected parties and to regulatory agencies. The Company currently expects that a significant portion of its direct costs incurred relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Information Technology

Unknown · April 13, 2026

Itron, Inc.

Itron was notified on April 13, 2026 that an unauthorized third party had gained access to certain corporate systems. The company activated …

Unknown · November 1, 2025

Logitech International S.A.

Logitech experienced a cybersecurity incident in which an unauthorized third party exploited a zero-day vulnerability in a third-party softw…

Unknown · August 29, 2025

EVERTEC, Inc.

On August 29, 2025, Sinqia S.A., a Brazilian subsidiary of EVERTEC, Inc., identified unauthorized activity in its Pix real-time payment envi…

Unknown · August 25, 2025

Wytec International, Inc.

On August 25, 2025, Wytec International detected that a bad actor had defaced the company website (wytecintl.com); after the company restore…