Cyber Incident Victim: Smiths Group
Date:
Jan 2025
Location:
United Kingdom
Summary
Smiths Group experienced a cybersecurity incident involving unauthorised access to its systems, prompting immediate containment measures including isolation of affected infrastructure and activation of business continuity protocols. The company is collaborating with cybersecurity specialists to restore operations, assess potential broader impacts, and ensure compliance with regulatory obligations. Further updates will be provided as the situation develops.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Smiths Group plc publicly disclosed a cybersecurity incident on January 28, 2025, involving unauthorized access to company systems. The organization detected the unauthorized activity and promptly initiated containment measures by isolating affected systems to prevent further compromise. Concurrently, Smiths activated established business continuity plans to maintain essential operations during the disruption. The company engaged external cybersecurity specialists to assist with system recovery efforts and conduct forensic analysis to determine the full scope of the incident. While specific technical details regarding the attack vector, duration of unauthorized access, or identity of threat actors were not disclosed, Smiths confirmed the incident remained under active investigation to assess potential business impacts beyond immediate system disruptions. No information was provided regarding data exfiltration, ransomware deployment, or specific operational divisions affected by the breach.
The organization emphasized compliance with regulatory obligations stemming from the incident, though specific jurisdictions or regulatory bodies were not identified in the disclosure. Smiths maintained communication protocols through designated investor relations contacts Stephanie Heathers, Siobhán Andrews, and Ana Pita da Veiga, while media inquiries were directed to Tom Steiner and FTI Consulting representative Alex Le May. Company Secretary Matthew Whyte served as the legal point of contact. No timetable for full system restoration was provided, with Smiths committing to further updates as their investigation progressed. The disclosure contained no references to customer data compromise, financial loss estimates, supply chain disruptions, or intellectual property theft, focusing instead on containment actions and expert collaboration. Smiths Group's operational profile as a London Stock Exchange-listed entity serving energy, safety & security, aerospace & defence, and general industrial markets with approximately 15,000 employees across 50 countries established the potential breadth of impact without confirming specific business unit disruptions.