Cyber criminals have struck one of the world’s largest producers of basic apparel.
HanesBrands (asi/59528), whose products sell extensively in the North American promotional products industry, has revealed that it suffered a ransomware attack on May 24. The Winston-Salem, NC-based global apparel maker has reportedly hired a third-party forensic cybersecurity firm to help investigate the breach.
In-depth details, including whether HanesBrands has paid a ransom, weren’t immediately available. It also wasn’t yet clear if the attack affected information pertaining to employees and customers, or if it was limited to internal operations.
“As the company is in the early stages of its investigation and assessment of this event, the company cannot determine at this time whether or not such event will have a material impact on its business, operations or financial results,” HanesBrands said in regulatory filing with the Securities and Exchange Commission.
Following the attack, HanesBrands said it activated its incident response and business continuity plans to limit the impact. The firm notified law enforcement and involved legal counsel.
The attack comes on the heels of a positive first-quarter financial performance in which HanesBrands increased total global sales by 4.5% year over year to $1.57 billion. Net income for the quarter rose to $118.7 million, which translated to earnings per share of $0.34.
Ransomware attacks have been on the rise. According to a May 24 report filed with the U.S. Senate Homeland Security and Governmental Affairs Committee, cyber criminals perpetrated at least 2,323 ransomware attacks on local governments, schools and healthcare providers in the United States in 2021.
— Theresa Hegel (@TheresaHegel) June 4, 2021
Meanwhile, the FBI reportedly received 3,729 ransomware complaints in 2021, with adjusted losses totaling $49.2 million. Still, the FBI considers the reported number “artificially low,” with the real amount of ransomware attacks likely much higher and with the financial cost of such strikes in the range of several hundred million dollars to as much as $10 billion.
In recent years, promo products firms have increasingly been subjected to ransomware assaults, too. Top 40 companies have been victimized, including heavyweights like alphabroder (asi/34063), Hit Promotional Products (asi/61125) and Bag Makers (asi/37940).
While those firms recovered from the cyber strikes, others haven’t been as lucky. In 2018, a ransomware attack broke the back of now-defunct supplier Colorado Timberline, compelling the company to shutter operations.
Promo companies, like those in the broader business community, have been building up cyber defenses to deflect attacks, but systems often remain vulnerable due to human error. If, for instance, an employee downloads a ransomware-infected file or clicks on a bad link, a company’s entire system can be compromised. Industry firms should routinely educate employees about how to identify and avoid cyber threats.