Data I/O shuts down systems in wake of ransomware attack

Electronics manufacturer Data I/O has reported a ransomware attack that took place earlier this month.

Regulatory filings from the firm show it detected a breach of internal IT systems on 6th August.

"Upon discovery, the Company promptly activated its response protocols, took steps to secure its global IT systems and implemented containment measures, including proactively taking certain platforms offline and implementing other mitigation measures," it said.

"The Company also engaged leading cybersecurity experts to support the IT system recovery and conduct a comprehensive investigation,” the Data I/O added.

“Based on the findings, the Company will take additional actions as appropriate, including notifying affected individuals and regulatory authorities in compliance with applicable laws."

According to Data I/O, containment activities have hit IT systems relating to internal and external communications, shipping, receiving, manufacturing production, and various other support functions.

The company hasn't revealed whether it's received a ransomware demand. Similarly, it said there doesn't appear to have been any significant impact on the company’s business operations.

However, Data I/O said it's likely that costs related to the incident, including fees for cybersecurity experts and other advisors, along with the cost of restoring any impacted systems, could have a material impact on its financial results.

Data I/O attack culprits still at large

Data I/O produces electronic device programming systems for integrated circuits, such as flash memory and microcontrollers, with customers including Tesla, Bosch, Amazon, Apple, Google, HP, Microsoft, Siemens, Philips, Sony, and Foxconn.

Around two-thirds of its business currently comes from automotive electronic production, including technology for electric car charging stations. It claims it serves 18 of the world's top 20 automotive electronics suppliers.

Pete Luban, Field CISO at AttackIQ, said given the domain Data I/O works in, it represents a prime target for threat actors.

"Ransomware attacks on manufacturers can have rippling effects down supply chains, especially with Data I/O’s major customers including industry giants like Tesla, Panasonic, Amazon, Google, and Microsoft," he said.

"Manufacturers should use this case as a lesson to enact proactive security measures to mitigate ransomware threats before they’re able to shut down critical systems."

Luban added that security teams should use adversarial emulation to test their defenses against baseline behaviors associated with common ransomware groups:

"This way, organizations can shut off access to sensitive systems and information and keep supply chains intact," he said.

No group has yet claimed responsibility for the attack. However, Scattered Spider or ShinyHunters are likely suspects.

"Given the geopolitics surrounding the chip industry and its high-profile customers, Data I/O is an attractive target for cyber criminals. With shipping delayed, the attack affects not only Data I/O but also the tech giants that rely on their chips to build their products," said Trevor Dearing, director of critical infrastructure at Illumio.

"By hitting critical systems, attackers drive faster payouts and cause deeper damage than traditional data breaches ever did. Ransomware now brings massive downtime, reputational harm, and financial loss."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• Ransomware victims are getting better at haggling with hackers
• The ransomware groups worrying security researchers in 2025
• A major ransomware hosting provider just got hit US with sanctions