Breach taxonomy
Summary
On approximately September 20, 2025, BK Technologies Corporation detected suspicious activity involving its IT systems and launched an investigation with external cybersecurity advisors. A limited number of non-critical systems experienced minor disruption; the unauthorized third party was confirmed removed and access restored. The investigation indicated an unauthorized party may have obtained non-public information including records pertaining to current and former employees. The company expects a significant portion of direct costs to be reimbursed through insurance. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData Exfil
Filing confirms an unauthorized third party 'obtained access to and acquired non-public information' from the company's IT systems → DATA-EXFIL.
AssetsPersonal Data
Filing states an unauthorized party may have obtained non-public information including 'records pertaining to current and former employees' → PERSONAL-DATA.
EffectsInfo Privacy Loss
Unauthorized access to employee records with regulatory notifications and notice to affected parties intended → INFO-PRIVACY-LOSS.
Business continuityEffective
Filing states 'the Company's ability to access information impacted by this incident has been restored' and 'operations have continued throughout the period... in all material respects' → Effective.
Impact
Potential access to current and former employee records at a small communications equipment company; contained quickly with operations uninterrupted and insurance expected to cover significant portion of costs → score 2.
InsuranceYes
Filing states 'the Company currently expects that a significant portion of its direct costs incurred relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries' → true.
Read the original SEC filing excerpt
Item 8.01 Other Events. On or about September 20, 2025, BK Technologies Corporation (the Company) detected potentially suspicious activity involving its information technology (IT) systems. Upon detecting the issue, the Company began taking steps to assess, contain, and remediate the potentially unauthorized activity, including isolating the affected systems and launching an investigation with the assistance of external cybersecurity advisors. As a result of the incident, a limited number of non-critical systems experienced minor disruption. However, through the Company's remediation efforts, the Company believes that the third party responsible for this incident has been removed from the Company's IT systems, and the Company's ability to access information impacted by this incident has been restored. The Company's operations have continued throughout the period since the detection of the cybersecurity incident in all material respects. As part of the Company's investigation into this incident, it appears that an unauthorized third-party may have obtained access to and acquired non-public information within the Company's custody and control, which potentially includes records pertaining to current and former employees. The Company continues to investigate the nature and scope of the unauthorized access. The Company has notified law enforcement about this incident and intends to, as appropriate, furnish notice of this incident to affected parties and to regulatory agencies. The Company currently expects that a significant portion of its direct costs incurred relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries.