Breach taxonomy
Summary
On November 25, 2024, ENGlobal Corporation became aware of a cybersecurity incident in which a threat actor illegally accessed the company's IT systems and encrypted some data files. The company immediately restricted IT system access to essential business operations and engaged external cybersecurity specialists for investigation and remediation. As of the filing date, full access to IT systems had not been restored and materiality had not been determined.
Tagging rationale
ThreatUnknown
Filing refers to 'a threat actor' without attributing the incident to a specific actor category -> UNKNOWN.
MethodsRansomware
Filing explicitly states 'a threat actor illegally accessed the Company's information technology system and encrypted some of its data files' -> RANSOMWARE.
AssetsRevenue Process
Encrypted data and restricted IT access limited business operations to essential functions only -> REVENUE-PROCESS.
EffectsBiz InterruptionCyber Extortion
IT system access was restricted to essential operations with full restoration timeline unknown, constituting business interruption (BIZ-INTERRUPTION); ransomware encryption implies extortion demand (CYBER-EXTORTION).
Business continuityPartial
Filing states access to IT 'is limited to essential business operations' while restoration is ongoing with unclear timeline -> Partial.
Impact
Small-cap energy engineering company with encrypted files and IT restricted to essential operations; no data exfil confirmed, no quantified financial impact, materiality not yet determined -> score 2.
InsuranceNot disclosed
Filing makes no mention of insurance -> null.
Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. On November 25, 2024, ENGlobal Corporation (the "Company") became aware of a cybersecurity incident. The preliminary investigation has revealed that a threat actor illegally accessed the Company's information technology ("IT") system and encrypted some of its data files. Upon detecting the unauthorized access, the Company immediately took steps to contain, assess and remediate the cybersecurity incident, including beginning an internal investigation, engaging external cybersecurity specialists, and restricting access to its IT system. As a result of these and other measures, and while the investigation and remediation efforts remain ongoing, access to the Company's IT system is limited to essential business operations. The timing of restoration of full access to the Company's IT system remains unclear as of the date of this filing. The Company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the Company's financial condition or results of operations.