Keytronic

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack.

The American technology company started as an Original Equipment Manufacturer (OEM) of keyboards and mice in 1969 but has since become one of the largest manufacturers of printed circuit board assembly (PCBA) worldwide, with facilities in the United States, Mexico, China, and Vietnam.

In a Friday filing with the U.S. Securities and Exchange Commission (SEC), Keytronic said it detected the incident on May 6 after disruptions at its Mexico and U.S. sites impacted business applications supporting bot operations and corporate functions.

“Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter,” the company said.

“Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025. Partially offsetting these additional expenses was an insurance gain in the amount of $0.7 million that was also recorded during the quarter.”

Keytronic first revealed in a May filing that the attack forced it to shut down domestic and Mexico operations for two weeks during the incident response. The company also confirmed that the attackers stole personal information from its systems during the breach.

While Keytronic has yet to attribute the attack to a specific threat group, the Black Basta ransomware gang claimed it in late May and leaked what they said was all the data stolen from the company’s systems.

Black Basta Keytronic data leak
Keytronic entry on Black Basta leak site ()

​The ransomware group said they could exfiltrate a wide range of data during the breach, including human resources, finance, engineering, and corporate files.

On its dark web leak website, Black Basta leaked screenshots of employees’ passports and social security cards, customer presentations, and corporate documents.

Black Basta is a Ransomware-as-a-Service (RaaS) operation that emerged in April 2022 and has since claimed many high-profile victims, including government contractors and healthcare companies.

Some of the notable victims include German defense contractor Rheinmetall, government contractor ABBU.S. healthcare giant Ascension, U.K. tech outsourcing firm Capita, the American Dental AssociationHyundai’s European division, the Toronto Public Library, and Yellow Pages Canada.

According to CISA and the FBI, Black Basta affiliates have breached over 500 organizations and collected at least $100 million in ransom payments from over 90 victims until November 2023.

Keytronic has yet to reply to a request for more information regarding the incident, including how many people were impacted by the resulting data breach.