Cyber Incident Victim: Kitco Metals Inc.
Date: Nov 2023
Location: Canada
Summary
A cyberattack disrupted the website and online store of Kitco Metals Inc., prompting a precautionary suspension of services while third-party experts assist an ongoing investigation. The company confirmed operational impacts and emphasized that phone-based customer support continued. It could not definitively rule out compromise of financial data, despite initial assurances to the contrary. Internal statements highlighted efforts to restore services securely while prioritizing data protection, and the investigation timeline remained unspecified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 1, 2023, Kitco Metals Inc., a prominent North American precious metals retailer and gold refiner, experienced a cybersecurity incident that disrupted its website and online store operations. The company temporarily suspended website services on Tuesday, November 30, as a precautionary measure after detecting the disruption. By Wednesday, December 1, the website remained partially disabled while an investigation involving third-party cybersecurity experts continued. Company President Bart Kitner confirmed teams were working diligently to investigate and address the issue, emphasizing the protection of customer data as their highest priority. Customer service operations shifted to phone-based support during the outage, with Kitner stating this method allowed the company to safely meet client needs while implementing precautionary measures for the website's restoration.

Initial statements from a customer service representative to Bloomberg News claimed client credit card and financial information remained uncompromised, estimating the investigation would conclude within 24 to 48 hours. However, a company spokesperson later clarified this assessment as inaccurate, stating the investigation’s timeline remained undetermined and financial data exposure could not yet be ruled out. The spokesperson confirmed the incident analysis was ongoing, with no public disclosure of specific attacker actions, intrusion methods, or data exfiltration evidence. Kitco’s operational disruption affected digital sales channels and customer access to online services, though physical operations and phone-based transactions continued. The company maintained public communication through press statements but did not disclose technical details about affected systems, containment procedures, or restoration progress beyond confirming the engagement of external cybersecurity specialists.
