Cyber Incident Victim: Targus International, LLC
Date:
Apr 2024
Location:
United States of America
Summary
A threat actor gained unauthorized access to Targus International's file systems, prompting immediate containment measures that temporarily disrupted business operations. The incident has been contained with recovery efforts ongoing, and while the investigation continues, the parent company does not anticipate material financial impact; relevant authorities and law enforcement have been notified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 5, 2024, Targus International, LLC and its affiliates, indirect subsidiaries of B. Riley Financial, Inc., discovered that an unauthorized threat actor had gained access to certain file systems within their network. Upon identifying the intrusion, Targus immediately activated its incident response and business continuity protocols, engaging external cybersecurity counsel and consultants to assist with containment and remediation efforts. As part of these proactive measures, Targus deliberately interrupted its business operations to disrupt the threat actor’s access and prevent further unauthorized activity. This containment strategy resulted in a temporary but significant operational outage affecting the Targus network. The incident was confined to Targus systems, with no impact on B. Riley Financial’s other subsidiaries, all of which continued normal operations without material disruption. By the time of B. Riley Financial’s SEC filing on April 8, 2024, the incident had been fully contained, though system recovery efforts remained ongoing. The company emphasized that Targus historically contributed minimally to its Operating Adjusted EBITDA, suggesting limited financial exposure from the disruption.
The cyberattack triggered mandatory disclosure under new SEC rules requiring public companies to report material cybersecurity incidents within 96 hours of discovery. Targus notified relevant regulatory authorities and committed to collaborating with law enforcement regarding the unauthorized access to information, though the filing did not specify whether data exfiltration occurred. B. Riley Financial stated it did not anticipate the incident would materially affect its overall financial condition or operational results, citing Targus’s non-core status within its diversified business portfolio. The parent company acquired Targus in 2022 for approximately $250 million, positioning it as a subsidiary within its broader corporate structure. While recovery timelines were undisclosed, the operational interruption underscored the immediate business consequences of the containment strategy. No details emerged regarding the attack vector, threat actor identity, or specific file systems compromised, as the investigation remained active at the time of reporting.