Cyber Incident Victim: BERNINA International AG
Date:
Apr 2023
Location:
Switzerland
Summary
BERNINA International AG was the target of a cyber attack involving malware on its IT network. The company initiated security measures, engaged external specialists, and involved authorities. It informed employees of the potential loss of sensitive data and established processes to protect them. The firm did not pay the ransom demand, and the hackers subsequently published stolen files. The company has since restored its operational capability to near pre-attack levels and is evaluating the situation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of Wednesday, April 5, 2023, BERNINA International AG became the target of a cyber attack. The IT network of the Swiss-based company was attacked using malware. The company immediately initiated the necessary security measures in response to the incident. External specialists were brought in to assist, and the relevant authorities were involved. A detailed investigation into the matter was launched concurrently with these initial response actions.
BERNINA promptly informed its employees about the potential loss of sensitive personal data as a result of the attack. The company established specific processes designed to protect the affected employees and services. The primary focus during the initial phase was on containment, investigation, and ensuring operational continuity while managing the potential data exposure for its workforce.
Through significant efforts by the internal IT team and the external cybersecurity experts, BERNINA was able to restore its operational capabilities to the level they were at prior to the attack. This recovery was achieved with only a few exceptions remaining. The restoration of services was a key milestone in the company's response, allowing business operations to resume with minimal disruption.
The attackers made financial demands as part of the attack, which BERNINA refused to meet. The company did not comply with the ransom demands of the extortionists. As a direct consequence of this refusal, the hackers published stolen files on the night of April 26, 2023. BERNINA acknowledged it was aware of this data publication. The company's assessment of the situation, based on its own findings, was that the volume of data stolen was significantly less than what the hackers had publicly claimed. BERNINA stated its intention to evaluate the situation and the specific data that was published and to take further measures as necessary based on that evaluation.
The incident impacted BERNINA International AG, the lead company within the BERNINA textile group. The group is part of the globally active family-owned holding company, Fritz Gegauf Holding AG. The headquarters of BERNINA International AG is located in Steckborn, Switzerland, where it holds a leading position in the premium segment for sewing and embroidery systems aimed at demanding, creative consumers. The company also offers long-arm quilting machines for professional applications. Other entities within the group include Melco International LLC, based in Denver, USA, a leading provider of multi-head embroidery systems for commercial and industrial use; Brewer LLC, a major distributor of sewing notions operating from Chicago, USA; Benartex LLC, a New York-based company renowned for its high-quality quilt fabrics; and OESD LLC, an Oklahoma, USA-based creator of premium embroidery designs. The cyber attack targeted the IT network of the international organization, though the specific impacts on these subsidiary operations were not detailed in the public statement. The confirmed consequence was the potential and then actual exfiltration and publication of sensitive employee data, alongside the temporary disruption to the company's operational IT systems.