Cyber Incident Victim: Mativ Holdings
Date:
Jun 2022
Location:
United States of America
Summary
Mativ Holdings confirmed a cybersecurity incident involving unauthorized access to its network, compromising sensitive employee data from legacy Schweitzer-Mauduit and Scapa subsidiaries. The breach exposed personally identifiable information including names, dates of birth, Social Security numbers, financial account details, and medical records. Following an internal investigation to assess the incident's scope, the company notified affected individuals and relevant authorities, offering guidance on mitigating potential identity theft risks. The specialty materials firm, which operates globally with thousands of employees, addressed the intrusion through forensic reviews and breach notifications without specifying operational disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Mativ Holdings, Inc. experienced unauthorized access to portions of its computer network during June and July 2022, as confirmed through subsequent investigations. The Alpharetta-based specialty materials company, formerly known as Schweitzer-Mauduit International, Inc., discovered that an intruder had compromised sensitive employee information stored on affected systems. The breach specifically impacted personnel from legacy Schweitzer-Mauduit International and Scapa Group subsidiaries within the Mativ corporate structure. Exposed data included full names, dates of birth, Social Security numbers, financial account details, and medical information. Company investigators determined the unauthorized party accessed files containing this personally identifiable information during the two-month intrusion period. Mativ initiated a comprehensive review of compromised systems to identify both the scope of data exposure and affected individuals following breach detection. The forensic analysis confirmed variability in exposed data elements across victims, with all impacted parties having some combination of the identified sensitive attributes compromised.
On October 3, 2022, Mativ Holdings formally notified the Massachusetts Attorney General's office about the data security incident through a statutory filing. The company simultaneously initiated direct communications with affected employees via individualized data breach notification letters. These disclosures outlined the specific categories of personal information exposed in each recipient's case and provided guidance about potential fraud risks stemming from the incident. The breach impacted current and former employees across Mativ's global operations, which span North America, South America, Europe, and Asia. As a publicly traded entity with approximately 5,000 employees and $1.6 billion annual revenue, Mativ operates through Advanced Technical Materials and Fiber-Based Solutions divisions serving filtration, healthcare, packaging, and industrial sectors. The company's response included internal investigations to determine intrusion mechanisms and data exposure pathways, though technical specifics regarding attacker methodologies remained undisclosed in public filings. No evidence suggested customer or consumer data compromise beyond the employee information confirmed in the breach.