Cybersecurity Incidents

WEST PHARMACEUTICAL SERVICES INC disclosed a cybersecurity incident: data exfiltrated by unauthorized party and systems encrypted. Impact: no material impact on financial guidance; fully operational. Company determined it not material. Discovered 2026-05-04.

“Based on the investigation to date and information currently available, the Company believes that the incident has not had, and is not reasonably likely to have, a material impact on the Company’s 2026 second-quarter and full-year financial guidance.”

WEST PHARMACEUTICAL SERVICES INC disclosed a cybersecurity incident: Cybersecurity attack involving data exfiltration by an unauthorized party and encryption of certain systems. Impact: Temporarily disrupted business operations globally; core enterprise systems restored; shipping, receiving, and manufacturing restarted at some sites with restoration of remaining sites in process; material impact on financial condition and results of operations not yet determined. Company determined it material. Discovered 2026-05-04.

“On May 7, 2026, West Pharmaceutical Services, Inc. (the “Company”) determined that the Company has experienced a material cybersecurity attack, in which certain data was exfiltrated by an unauthorized party and certain systems were encrypted.”

Bitcoin Depot Inc. disclosed a cybersecurity incident: Unauthorized party gained access to certain information technology systems, obtained control of credentials associated with digital asset settlement accounts, and transferred approximately 50.903 Bitcoin from Company-controlled wallets without authorization. Impact: Incident has not had a material impact on operations; preliminary estimate of loss of approximately $3.665 million; full impact not yet determined. Company determined it material. Discovered 2026-03-23.

“On March 23, 2026, Bitcoin Depot Inc. (the “Company”) discovered that an unauthorized party gained access to certain of its information technology systems.”

CareCloud, Inc. disclosed a cybersecurity incident: temporary network disruption in the CareCloud Health division partially impacting functionality and data access to 1 of 6 electronic health record environments for approximately 8 hours, caused by an unauthorized third party. Impact: the incident has not had a material impact on operations as of the filing date, but potential consequences include remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, customers, counterparties, reputation and operations. Company determined it material. Discovered 2026-03-16.

“On March 24, 2026, the Company nevertheless determined that the incident is material in light of the sensitivity of the potentially affected information and the potential consequences of the incident, including remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, customers, counterparties, reputation and operations.”

TRIO-TECH INTERNATIONAL disclosed a cybersecurity incident: ransomware incident resulting in encryption of certain files and later escalation leading to unauthorized disclosure of certain Company data. Impact: the full scope and impact is not yet known; incident has not resulted in any material disruption to the subsidiary’s operations or the Company’s business, and the Company does not expect a material impact on financial results for the quarter ending March 31, 2026. Materiality is still being assessed. Discovered 2026-03-11.

“On March 11, 2026, Trio-Tech International (“Company”) identified and responded to a cybersecurity incident in one of its subsidiaries (“subsidiary”) in Singapore. The subsidiary experienced a ransomware incident that resulted in encryption of certain files within the Company’s network.”

UFP TECHNOLOGIES INC disclosed a cybersecurity incident: unauthorized activity involving its information technology systems, impacting billing and label making, with some data exfiltrated. Impact: The incident has not had a material impact on the Company’s financial systems, operations or financial condition; operations continued in all material respects. Company determined it not material. Discovered 2026-02-14.

“As of the date hereof, the incident has not had a material impact on the Company’s financial systems, operations or financial condition.”

WYTEC INTERNATIONAL INC disclosed a cybersecurity incident: A bad actor defaced the company's website (wytecintl.com) and did so again after restoration. The company took the website down and restored IT systems. The investigation was closed without identifying the source. Impact: The company restored IT systems and continues to work through minor operational impacts. The impacts are primarily costs associated with rebuilding the website on a new server and hosting platform and enhancing security protocols. Materiality is still being assessed. Discovered 2025-08-25.

“On August 25, 2025, Wytec International, Inc. (the “Company”) became aware of a cybersecurity incident in which a bad actor published a defaced website at the Company’s web address, wytecintl.com.”

Coupang, Inc. disclosed a cybersecurity incident: Cybersecurity incident involving unauthorized access to approximately 33 million accounts, with limited data saved from approximately 3,000 customer accounts; perpetrator identified, cooperating, and data deleted without third-party sharing. Impact: Coupang Corp. announced a customer compensation program of approximately 1.685 trillion won ($1.2 billion) in vouchers, to be reflected as reductions to selling price and revenue. Materiality is still being assessed. Discovered 2025-12-24.

“On December 24, 2025 (PST) and December 28, 2025 (PST), Coupang Corp., a wholly-owned Korean subsidiary (“Coupang Corp.”) of Coupang, Inc. (“Coupang, Inc.,” “our,” or “we”) (Coupang Corp., together with Coupang, Inc. and its subsidiaries and affiliates, “Coupang,”), issued updates (collectively, the “Updates”) on the cybersecurity incident (the “Incident”) disclosed in the Current Report on Form 8-K filed by Coupang, Inc. with the U.S. Securities and Exchange Commission (the “SEC”) on December 16, 2025.”

Coupang, Inc. disclosed a cybersecurity incident: Unauthorized access to customer accounts by a former employee, potentially exfiltrating name, phone number, delivery address, email address for up to 33 million accounts and certain order histories. Impact: Operations have not been materially disrupted; potential financial penalties from Korean regulators, and potential material financial losses from loss of revenue, remediation, litigation, etc. Materiality is still being assessed. Discovered 2025-11-18.

“On November 18, 2025, Coupang Corp. (“Coupang Corp.”), a wholly-owned Korean subsidiary of Coupang, Inc. (Coupang Corp., together with Coupang, Inc. (“Coupang, Inc.,” “our,” or “we”) and its subsidiaries and affiliates, “Coupang,”), became aware of a cybersecurity incident involving unauthorized access to customer accounts (the “Incident”).”

BayFirst Financial Corp. disclosed a cybersecurity incident: A third-party provider of marketing services experienced a cybersecurity incident resulting in unauthorized access to personal information of some BayFirst customers. Impact: No evidence of misuse or attempted misuse to date; BayFirst cannot quantify any material impact to financial condition or operations at this time. Materiality is still being assessed. Discovered 2025-08-14.

“Based on the information available to date, personal information, including name, date of birth, and social security/tax identification numbers of some BayFirst customers were accessed without authorization.”

JEWETT CAMERON TRADING CO LTD disclosed a cybersecurity incident: unauthorized access and deployment of encryption and monitoring software by a third party to a portion of the Company's internal corporate IT systems, with exfiltration of images of video meetings and computer screens. Impact: operations may be materially impacted, potentially impacting financial results for the first quarter of fiscal 2026; disruptions and limitation of access to business applications. Materiality is still being assessed. Discovered 2025-10-15.

“On October 15, 2025, Jewett-Cameron Trading Co. Ltd. (the “Company”) learned that a threat actor had gained unauthorized access to portions of the Company’s information technology (“IT”) environment and claimed to have unlawfully accessed certain Company information and data.”

F5, INC. disclosed a cybersecurity incident: A highly sophisticated nation-state threat actor gained unauthorized access to certain Company systems, maintained long-term persistent access to BIG-IP product development environment and engineering knowledge management platform, exfiltrated files including portions of BIG-IP source code and infor. Impact: The incident has not had a material impact on operations; the Company is evaluating the impact on financial condition or results of operations. No evidence of modification to software supply chain, access to CRM/financial/support case management/iHealth systems, or access to NGINX source code or F5. Materiality is still being assessed. Discovered 2025-08-09.

“As of the date of this disclosure, this incident has not had a material impact on the Company’s operations, and the Company is evaluating the impact this incident may reasonably have on its financial condition or results of operations.”

DATA I/O CORP disclosed a cybersecurity incident: ransomware incident on certain internal IT systems, originating from a vulnerability of a third-party firewall service provider. Impact: temporarily impacted operations including internal/external communications, shipping, receiving, manufacturing production, and other support functions; estimated remediation and investigation costs of approximately $388,000 expected to have a material impact on results of operations and financial co. Company determined it material. Discovered 2025-08-16.

“estimated costs related to the Incident for remediation, restoration and investigation efforts are expected to total approximately $388,000 in expenses in the third quarter ending September 30, 2025 and will likely have a material impact on the Company’s results of operations and financial condition.”

WYTEC INTERNATIONAL INC disclosed a cybersecurity incident: A bad actor published a defaced website at the Company's web address. Impact: Losses from website being inoperable, forced cancellation of a seminar, financial losses difficult to quantify but likely significant. Materiality is still being assessed. Discovered 2025-08-25.

“On August 25, 2025, Wytec International, Inc. (the “Company”) became aware of a cybersecurity incident in which a bad actor published a defaced website at the Company’s web address, wytecintl.com. After the Company restored the website from back-ups, the bad actor was able to deface the website again. To date the Company has received no contact from the bad actor, nor is it aware of any reason for this attack. On August 25, 2025, the Company took the website down, placing a temporary page on the site, while the Company continues to review the entire web platform, so that the site may return as soon as security has been confirmed. The Company anticipates these measures will lead to the full restoration and functionality of the Company’s website. Moving forward, the Company plans on taking appropriate steps, including implementing additional cybersecurity measures, to prevent further attacks. As a result of this incident, in addition to losses arising from the website being inoperable, t”

DATA I/O CORP disclosed a cybersecurity incident: ransomware incident on certain internal IT systems. Impact: temporarily impacted operations including internal/external communications, shipping, receiving, manufacturing production, and various other support functions; full restoration timeline not yet known. Materiality is still being assessed. Discovered 2025-08-16.

“On August 16, 2025, Data I/O Corporation (the “Company”) experienced a ransomware incident (the “Incident”) on certain of its internal IT systems.”

UNITED NATURAL FOODS INC disclosed a cybersecurity incident: Unauthorized activity on certain information technology systems. Impact: Reduced sales volume and increased operational costs; reasonably likely to have a material impact on net income/(loss) and adjusted EBITDA for Q4 FY2025. Company determined it material. Discovered 2025-06-05.

“Based on the information currently available to the Company, management believes that the incident is reasonably likely to have a material impact on the Company’s net income/(loss) and adjusted EBITDA for the fourth fiscal quarter of 2025 compared to its internal projections prior to the incident”

NUCOR CORP disclosed a cybersecurity incident: A threat actor illegally accessed the Company's information technology systems, exfiltrated limited data, and caused temporary limitations to access of applications supporting some operations. Impact: The incident has not had and is not reasonably likely to have a material impact on business operations, financial condition, or results of operations. Company determined it not material.

“The cybersecurity incident has not had a material impact, and is not reasonably likely to have a material impact, on the Company’s business operations, and has not had a material impact, and is not reasonably likely to have a material impact, on the Company’s financial condition or results of operations.”

Zoomcar Holdings, Inc. disclosed a cybersecurity incident: cybersecurity incident involving unauthorized access to information systems; an unauthorized third party accessed a limited dataset containing certain personal information of approximately 8.4 million users, including names, phone numbers, car registration numbers, personal addresses and email addre. Impact: To date, the incident has not resulted in any material disruption to the Company's operations; the Company continues to evaluate scope and potential impacts including legal, financial, and reputational considerations and remediation costs. Materiality is still being assessed. Discovered 2025-06-09.

“On June 9, 2025, Zoomcar Holdings, Inc. (the “Company”) identified a cybersecurity incident involving unauthorized access to its information systems.”

Coinbase Global, Inc. disclosed a cybersecurity incident: The threat actor obtained customer account information (name, address, phone, email, masked SSN, masked bank account numbers, government ID images, account data including balance snapshots and transaction history, and limited corporate data) by paying multiple contractors or employees in support rol. Impact: The company has not experienced material operational impacts as of the date hereof; full financial impact is still being assessed; preliminary estimated expenses $180 million to $400 million for remediation costs and voluntary customer reimbursements. Materiality is still being assessed. Discovered 2025-05-11.

“While Coinbase has not experienced material operational impacts from these events as of the date hereof, the full financial impact of the Incident on the Company is still in the process of being assessed.”

NUCOR CORP disclosed a cybersecurity incident: Unauthorized third party access to certain information technology systems. Impact: Temporarily and proactively halted certain production operations at various locations; currently in the process of restarting affected operations. Materiality is still being assessed.

“As the investigation of the incident is ongoing, the Company will continue to monitor the timing and materiality of the incident.”

KEY TRONIC CORP disclosed a cybersecurity incident: unauthorized third party access to portions of its information technology systems. Impact: has caused disruptions and limitation of access to portions of business applications supporting operations and corporate functions, including financial and operating reporting systems. Company determined it not material. Discovered 2024-05-06.

“the Company does not believe the incident is reasonably likely to have a material impact on the Company, including its financial condition or results of operations”

BRANDYWINE OPERATING PARTNERSHIP, L.P. disclosed a cybersecurity incident: unauthorized access and deployment of encryption by a third party to a portion of the Company's internal corporate IT systems, with exfiltration of certain files. Impact: disruptions to and limitation of access to portions of business applications supporting operations and corporate functions, including financial and operating reporting systems; no material impact on operations or financial condition to date. Company determined it not material. Discovered 2024-05-01.

“the incident has not otherwise had a material impact on the Company’s operations. As of the date of this filing, the Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

DROPBOX, INC. disclosed a cybersecurity incident: Unauthorized access to the Dropbox Sign (formerly HelloSign) production environment, accessing user data such as emails, usernames, account settings, and for some users phone numbers, hashed passwords, and authentication information. Impact: No evidence of access to user account contents or payment information; incident limited to Dropbox Sign infrastructure; no material impact on overall business operations determined. Company determined it not material. Discovered 2024-04-24.

“On April 24, 2024, Dropbox, Inc. (“ Dropbox ” or “ we ”) became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment.”

Frontier Communications Parent, Inc. disclosed a cybersecurity incident: Third party gained unauthorized access to portions of information technology environment; likely a cybercrime group; accessed personally identifiable information. Impact: Operational disruption from containment measures could be considered material; core IT environment restored; does not believe incident is reasonably likely to materially impact financial condition or results of operations. Company determined it not material. Discovered 2024-04-14.

“The Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

ORASURE TECHNOLOGIES INC disclosed a cybersecurity incident: An unauthorized third party gained access to Company data from certain information systems, and certain files were exfiltrated. Impact: The incident has not had a material impact on operations, financial systems, or financial condition, and the Company does not anticipate a material impact moving forward. Information systems are operational. Company determined it not material. Discovered 2024-03-27.

“On or about March 27, 2024, OraSure Technologies, Inc. (the “Company”) became aware of a cybersecurity incident in which an unauthorized third party gained access to Company data from certain information systems.”

BRC Group Holdings, Inc. disclosed a cybersecurity incident: A threat actor gained unauthorized access to certain of Targus’ file systems. Impact: Temporary interruption in the business operations of the Targus network; incident contained and systems recovery efforts are in process. Company determined it not material. Discovered 2024-04-05.

“the Company does not currently believe that this incident will materially impact the Company’s financial condition or results of operations taken as a whole.”

MARINEMAX INC disclosed a cybersecurity incident: A third party gained unauthorized access to a limited portion of the information environment associated with the retail business, exfiltrating limited data including customer and employee personally identifiable information. Impact: Containment measures resulted in some disruption to a portion of the business; operations continued in all material respects; the company has incurred certain expenses and continues to evaluate the full impact. Materiality is still being assessed. Discovered 2024-03-10.

“as of the date of this filing, the Incident has not had a material impact on the Company’s operations, and the Company is still in the process of determining whether the Incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

SouthState Bank Corp disclosed a cybersecurity incident: On February 6, 2024, SouthState Bank, N.A. detected a cybersecurity incident. Upon detection, SouthState initiated incident response and business continuity protocols, took measures to disrupt unauthorized activity, conducted an investigation with a cybersecurity firm, and notified banking regulator. Impact: The cybersecurity incident had a significant impact on certain of SouthState's business processes, but as of the filing date, it has not had a material impact on SouthState's overall financial condition or results of operations, and SouthState has determined that the incident is not reasonably likel. Company determined it not material. Discovered 2024-02-06.

“it has not had a material impact on SouthState’s overall financial condition or results of operations, and SouthState has determined that the incident is not reasonably likely to have a material impact on its financial conditions or results of operations.”

RADIANT LOGISTICS, INC disclosed a cybersecurity incident: initial stages of a cybersecurity incident related to its Canadian operations. Impact: service delays for customers in Canada, but no material impact on overall operations yet determined. Materiality is still being assessed. Discovered 2024-03-14.

“While the investigation is ongoing, as of the date of this filing, the incident has not had a material impact on the Company’s overall operations, and the Company has not determined the incident is reasonably likely to materially impact the Company's financial conditions or results of operations.”

MARINEMAX INC disclosed a cybersecurity incident: unauthorized third-party access to portions of its information environment. Impact: containment measures resulted in some disruption to a portion of the business; operations continued in all material respects; incident has not had a material impact on operations; still determining if reasonably likely to materially impact financial conditions or results. Materiality is still being assessed. Discovered 2024-03-10.

“determined on March 10, 2024, that it experienced a “cybersecurity incident,” as defined in applicable Securities and Exchange Commission rules, whereby a third party gained unauthorized access to portions of its information environment”

MICROSOFT CORP disclosed a cybersecurity incident: a nation-state threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including senior leadership and cybersecurity, legal, and other functions, and has used or attempted to use that information to gain unauthorized access to source code re. Impact: the incident has not had a material impact on the Company’s operations, but the Company has not yet determined that it is reasonably likely to materially impact financial condition or results of operations. Materiality is still being assessed.

“As of the date of this filing, the incident has not had a material impact on the Company’s operations. The Company has not yet determined that the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

UNITEDHEALTH GROUP INC disclosed a cybersecurity incident: cybercrime threat actors accessed certain Change Healthcare IT systems. Impact: disruption to pharmacy, medical claims and payment services; company working to restore systems. Materiality is still being assessed.

“As of the date of this Amendment, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

Federal Home Loan Bank of New York disclosed a cybersecurity incident: unknown persons attempted to fraudulently obtain funds from the Bank due to a fourth-party vendor compromise. Impact: no unauthorized transactions executed, no monies transferred, Bank members able to continue transactions, no material impact on operations or financial condition. Company determined it not material. Discovered 2024-02-21.

“On February 21, 2024, the Federal Home Loan Bank of New York (“Bank”), through its operational controls, detected unknown persons attempting to fraudulently obtain funds from the Bank (the “incident”).”

Cencora, Inc. disclosed a cybersecurity incident: data from its information systems had been exfiltrated, some of which may contain personal information. Impact: the incident has not had a material impact on the Company’s operations, and its information systems continue to be operational. Materiality is still being assessed. Discovered 2024-02-21.

“On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information.”

UNITEDHEALTH GROUP INC disclosed a cybersecurity incident: a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Impact: the Company proactively isolated the impacted systems from other connecting systems; working to restore systems but cannot estimate the duration or extent of the disruption; certain networks and transactional services may not be accessible. Company determined it not material. Discovered 2024-02-21.

“As of the date of this report, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

PRUDENTIAL FINANCIAL INC disclosed a cybersecurity incident: a threat actor gained unauthorized access to certain systems, accessed and exfiltrated limited data including client information, personally identifiable information, and Company administrative/user data, and accessed a small percentage of employee/contractor accounts. Impact: No evidence of malware, ransomware, data destruction/alteration; incident has not had a material impact on operations; Company has not determined it is reasonably likely to materially impact financial condition or results. Materiality is still being assessed. Discovered 2024-02-05.

“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

PRUDENTIAL FINANCIAL INC disclosed a cybersecurity incident: A threat actor gained unauthorized access to certain systems; accessed administrative and user data from certain IT systems and a small percentage of user accounts of employees and contractors. Impact: The incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations. Company determined it not material. Discovered 2024-02-05.

“On February 5, 2024, Prudential Financial, Inc. (the “Company” or “we”) detected that, beginning February 4, 2024, a threat actor had gained unauthorized access to certain of our systems. With assistance from external cybersecurity experts, we immediately activated our cybersecurity incident response process to investigate, contain, and remediate the incident. As of the date of this Report, we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors. We continue to investigate the extent of the incident, including whether the threat actor accessed any additional information or systems, to determine the impact of the incident. On the basis of the investigation to date, we do not have any evidence that the threat actor has taken customer or client data. We have reported this matter to relevant la”

SouthState Bank Corp disclosed a cybersecurity incident: detected a cybersecurity incident on February 6, 2024; proactively isolated parts of its network causing some disruption to business processes. Impact: incident has not had a material impact on operations as of filing date; ongoing investigation; not yet determined if reasonably likely to materially impact financial condition or results. Materiality is still being assessed. Discovered 2024-02-06.

“the incident has not had a material impact on the Company's operations, and the Company has not determined the incident is reasonably likely to materially impact the Company's financial conditions or results of operations”

Hewlett Packard Enterprise Co disclosed a cybersecurity incident: Unauthorized access by suspected nation-state actor Midnight Blizzard/Cozy Bear to HPE's cloud-based email environment; data accessed and exfiltrated beginning in May 2023 from a small percentage of HPE mailboxes. Impact: Incident has not had a material impact on operations; the Company has not determined it is reasonably likely to materially impact financial condition or results of operations. Company determined it not material. Discovered 2023-12-12.

“As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

MICROSOFT CORP disclosed a cybersecurity incident: A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions. Impact: The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations. Materiality is still being assessed. Discovered 2024-01-12.

“On January 12, 2024, Microsoft (the “Company” or “we”) detected that beginning in late November 2023, a nation-state associated threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, on the basis of preliminary analysis.”

V F CORP disclosed a cybersecurity incident: Unauthorized occurrences on a portion of its IT systems, theft of personal data of approximately 35.5 million individual consumers. Impact: Disruption to operations including interrupted replenishment of retail store inventory and delayed order fulfillment; impacts are no longer ongoing and are not material to financial condition and results of operations. Company determined it not material. Discovered 2023-12-13.

“As of the date of this Amendment, VF also believes the impacts of the cyber incident are not material and are not reasonably likely to be material to its financial condition and results of operations.”

First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain of its information technology systems. Impact: material impact on Q4 2023 results of operations; revenue delayed from Q4 2023 to Q1 2024; loss of revenue from transactions moved to other providers; one-time expenses incurred. Materiality is still being assessed.

“As disclosed in the Original Report, the Company identified unauthorized activity on certain of its information technology systems. Upon detection, the Company acted to contain, assess and remediate the incident.”

First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain information technology systems; perpetrator accessed certain Company systems, exfiltrated data and encrypted data on certain non-production systems. Impact: Company is in the process of restoring access to its systems and resuming normal business operations; material impact cannot be determined yet. Materiality is still being assessed.

“The Company continues to assess whether the incident will have a material impact on the Company’s financial condition or results of operations, which at this point cannot be determined.”

First American Financial Corp disclosed a cybersecurity incident: unauthorized activity on certain information technology systems. Impact: cannot estimate duration or extent of disruption; primary website may be inaccessible. Materiality is still being assessed.

“The Company is also assessing the impact of the incident and whether it may have a material impact on its financial condition and results of operations, which at this point cannot be determined.”

V F CORP disclosed a cybersecurity incident: Unauthorized occurrences detected on IT systems, threat actor encrypted some IT systems and stole data including personal data. Impact: Has had and is reasonably likely to continue to have a material impact on business operations; not yet determined whether reasonably likely to materially impact financial condition or results of operations. Materiality is still being assessed. Discovered 2023-12-13.

“The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”