Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

NioCorp Developments Ltd. Unknown (2025) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

NioCorp Developments Ltd. · NB

MaterialsUSAIncident February 14, 2025Filed February 19, 2025

Impact score

Business continuity

—

Insurance involved

Not disclosed

Filing

8-K · 8.01

Breach taxonomy

UnknownAccount TakeoverCash EquivalentConfidential BizFinancial Fraud

Summary

On February 14, 2025, NioCorp Developments became aware of unauthorized third-party access to its information systems, including portions of its email systems. The attack resulted in misdirected vendor payments totaling approximately $0.5 million. The company self-discovered the incident, notified financial institutions and federal law enforcement, and began investigation and remediation steps. Filed under Item 8.01; materiality not yet determined as of filing date.

Tagging rationale

ThreatUnknown

Filing does not attribute the incident to a specific actor type → UNKNOWN.

MethodsAccount Takeover

Filing describes unauthorized third-party access to email systems that led to misdirected vendor payments, consistent with business email compromise and account takeover.

Assets

Cash Equivalent

Confidential Biz

Filing states the attack resulted in misdirected vendor payments of approximately $0.5 million, indicating cash/payment systems were compromised; email systems were also accessed.

EffectsFinancial Fraud

The direct consequence was misdirected vendor payments totaling approximately $0.5 million, constituting financial fraud.

Impact

Estimated financial loss of approximately $0.5 million from misdirected vendor payments; no operational disruption disclosed → score 1.

InsuranceNot disclosed

Filing makes no mention of insurance → null.

Read the original SEC filing excerpt

Item 8.01 Other Events. On February 14, 2025, NioCorp Developments Ltd. (the "Company") became aware of unauthorized third-party access to its information systems, including portions of its email systems, that resulted in misdirected vendor payments totaling approximately $0.5 million (the "cybersecurity incident"). The Company self-discovered the cybersecurity incident and promptly notified certain financial institutions and federal law enforcement in an effort to, among other matters, recover the misdirected vendor payments. In addition, upon discovery of the cybersecurity incident, the Company began taking steps to investigate, contain, assess and remediate the cybersecurity incident. Although the Company believes that the cybersecurity incident is limited to the misdirected vendor payments, the Company's investigation of the cybersecurity incident remains ongoing and the full scope, nature and impact of the cybersecurity incident are not yet known. As of the date of this filing, the Company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the Company's overall financial condition or its results of operations, including whether the Company will ultimately be able to recover all or a portion of the misdirected vendor payments.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Materials

Unknown · May 13, 2025

Nucor Corporation

Around May 13, 2025, Nucor Corporation identified unauthorized third-party access to certain IT systems and promptly activated its incident …

Unknown · October 18, 2024

Karat Packaging Inc.

On October 18, 2024, Karat Packaging discovered unauthorized third-party access to its information systems. The company activated its cybers…

Cyber Criminals · August 10, 2024

Orion S.A.

On August 10, 2024, Orion S.A. disclosed that a company employee was the target of a criminal scheme resulting in multiple fraudulently indu…

Priv Insider · July 25, 2024

Meta Materials Inc.

On July 25, 2024, a former executive officer of Meta Materials Inc. deliberately deactivated the company's website, corporate email, and oth…