Cyber Incident Victim: Steelite International

Date: Dec 2018

Location: United Kingdom

Summary

A pottery firm experienced a cyber attack in which hackers encrypted its servers to disrupt payroll systems and demanded a substantial ransom in Bitcoin, which the company refused to pay. The IT team detected the intrusion, rebuilt servers using unencrypted backups, and restored operations to prevent financial impact on employee wages. Following the incident, the organization implemented enhanced security measures to mitigate future threats.


Description

In December 2018, Steelite International, a Stoke-on-Trent-based pottery manufacturer supplying tableware to the hospitality industry across 140+ countries, experienced a targeted cyber attack. Hackers infiltrated the company’s systems through an unidentified weakness, gaining remote access from outside the UK to encrypt critical servers. The attackers specifically targeted payroll systems to create "maximum disruption," according to Group Finance Director Jon Cameron. The IT team detected suspicious activity during the intrusion, coinciding with the arrival of a ransom demand for 79 Bitcoins (approximately £197,500 at the time). Company leadership refused to engage with the threat actors or pay the ransom. While the encryption process compromised key operational files, the attackers failed to encrypt backup data due to the IT team’s intervention.

Steelite’s IT personnel worked overnight to rebuild servers from unaffected backups, successfully restoring functionality before payroll processing deadlines. This prevented delays in staff wage payments, averting significant operational and reputational consequences. The incident caused initial panic within the organization, prompting transparent communication with employees about the breach. Post-incident forensic analysis confirmed the attackers’ objective was financial extortion through operational paralysis. Steelite implemented enhanced security measures to harden systems against future attacks, though specific technical controls were not publicly disclosed. No customer data compromise or supply chain disruptions were reported, with business operations stabilizing following the IT restoration efforts. The company characterized the event as a severe but contained incident that validated their backup protocols and incident response capabilities.
