Cyber Incident Victim: ibex

On August 17, 2020, ibex detected a malware attack that disrupted the availability of a limited segment of its systems. The company immediately took the affected systems offline and initiated an investigation with third-party computer specialists to determine the incident's nature and scope. By September 15, 2020, the investigation confirmed that unauthorized access to certain files had occurred between July 27 and August 17, 2020. Ibex conducted a detailed review of these files and internal systems to identify compromised information and affected individuals. On September 29, 2020, the company engaged a third-party firm to assist in analyzing the potentially impacted files. After validating the firm's findings on June 14, 2021, ibex determined that one or more folders contained personal information related to employees and their families.

Ibex began notifying potentially affected individuals following this determination, though no evidence suggested actual misuse of personal data. The company emphasized the notification was precautionary and included details about complimentary identity monitoring, fraud consultation, and identity theft restoration services. Ibex implemented additional cybersecurity measures following the incident and reinforced existing security protocols. A dedicated call center (866-871-8614) was established to address inquiries from potentially impacted individuals during specified weekday hours. The company's October 23, 2020 Annual Report (Form 20-F) initially disclosed the event, with public notification occurring via press release on August 7, 2021.