Cyber Incident Victim: Fiskars Group
Date:
May 2024
Location:
United States of America
Summary
Fiskars Group experienced a cybersecurity incident impacting a limited number of U.S.-based systems, though its operations remained unaffected and continued normally. The company promptly contained the incident, halted its progression, and initiated an ongoing investigation to assess potential data impacts. Law enforcement was notified, with cooperation continuing as needed, and further notifications will be issued if required. The organization emphasized its serious approach to information security and commitment to safeguarding stakeholder data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Fiskars Group experienced a cyber security incident impacting a limited number of its U.S.-based systems, as confirmed in a public disclosure on May 15, 2024. The company detected unauthorized activity affecting select operational technology but emphasized that core business functions remained unaffected, with no disruption to manufacturing, sales, or customer service channels. Upon identifying the breach, Fiskars Group implemented immediate containment protocols that successfully halted further intrusion activity. The incident did not propagate beyond the initially compromised systems, preventing operational downtime across its global brand portfolio, which includes Fiskars, Georg Jensen, Gerber, Iittala, Moomin Arabia, Royal Copenhagen, Waterford, and Wedgwood. While the precise entry vector and attacker identity remained undisclosed, the containment occurred rapidly enough to avoid cascading impacts on the company's 450 retail stores or international supply chain operations serving over 100 countries.
An investigation into the incident's scope and potential data exposure commenced concurrently with containment efforts, though findings regarding affected information categories or exfiltrated materials remained pending at the time of reporting. Fiskars Group engaged law enforcement authorities and pledged full cooperation with their investigative processes, though no specific agencies were named in the disclosure. The company committed to issuing supplemental notifications if forensic analysis revealed legal or regulatory obligations to inform stakeholders of data compromises. No ransomware claims, financial demands, or third-party claims of responsibility were acknowledged in the statement. Fiskars Group reiterated its prioritization of information security safeguards for consumer, customer, partner, and employee data without detailing specific post-incident security enhancements. The announcement coincided with the company's 375th anniversary year, during which it reported 2023 global net sales of €1.1 billion across approximately 7,000 employees, though no financial impact from the incident was disclosed.