Breach taxonomy
Summary
On January 31, 2024, Willis Lease Finance Corporation detected unauthorized activity on portions of its IT systems. The company immediately took steps to contain the activity, including taking certain systems offline, and launched an investigation with third-party cybersecurity experts. The activity was fully contained by February 2, 2024. Operations continued with workarounds where necessary. The investigation into data exfiltration remained ongoing as of the filing date. Law enforcement was notified. Filed under Item 8.01; materiality not yet determined.
Tagging rationale
Threat: Unknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
Methods: Malware
Unauthorized activity on IT systems requiring system shutdowns and workarounds is consistent with malware deployment → MALWARE.
Assets: Confidential Biz, Revenue Process
Unauthorized activity on IT systems of an aviation leasing company affected internal business systems (CONFIDENTIAL-BIZ) and the ability to service customers (REVENUE-PROCESS).
Effects: Biz Interruption
Certain systems were taken offline and workarounds were implemented, disrupting normal business operations → BIZ-INTERRUPTION.
Business continuity: Partial
Filing states the company continues to operate and service customers with workarounds implemented for some processes; systems not fully restored as of filing → Partial.
Impact
Unauthorized IT access at an aviation leasing company; contained within 2 days; scope of data exposure unknown at filing time; non-material per company assessment → score 2.
Insurance: Not disclosed
Filing makes no mention of insurance → null.
Original SEC filing excerpt
Item 8.01 Other Events. On February 9, 2024, Willis Lease Finance Corporation (WLFC or the Company) announced that on January 31, 2024, it detected unauthorized activity on portions of its information technology (IT) systems. An investigation into the nature and scope of the incident was launched with the assistance of leading third-party cybersecurity experts and the Company took steps to contain, assess and remediate the activity, including taking certain systems offline. The Company has not identified any unauthorized activity after February 2, 2024 and, as of the date of this filing, believes it has fully contained the unauthorized activity. The Company continues to operate and service customers, and has implemented workarounds for some of its processes where necessary. The Company, together with its team of cybersecurity experts, is working diligently to respond to and address the issues posed by the incident. The investigation to assess the complete nature, scope and impact of the incident, including what data has been exfiltrated or otherwise impacted, remains ongoing. Law enforcement has been notified of the incident.