Cyber Incident Victim: Steelcase
Date:
Oct 2020
Location:
United States of America
Summary
A major office furniture manufacturer experienced a ransomware attack attributed to the Ryuk variant, leading to the proactive shutdown of affected systems to contain the incident. The company initiated containment measures and restoration efforts, maintaining no data loss or significant asset compromise occurred during the breach. While operational disruptions resulted from the network shutdown, the organization anticipated minimal material impact on its business operations or financial performance. Cybersecurity sources linked the attack to threat actors previously associated with high-profile incidents targeting other large enterprises.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 22, 2020, Steelcase Inc., the world’s largest office furniture manufacturer with 13,000 employees and $3.7 billion in annual revenue, detected a cyberattack targeting its information technology systems. The company promptly initiated containment protocols, including the temporary shutdown of affected systems and related operations to prevent further spread. This disruption occurred following the deployment of Ryuk ransomware, which encrypted devices across Steelcase’s network according to cybersecurity industry sources. The attack was linked to the same threat actor group responsible for recent incidents at Sopra Steria and Universal Health Services. Steelcase did not disclose the exact number of encrypted devices or specific operational impacts beyond the network shutdown, but the company prioritized restoring systems and resuming normal operations.
In an October 27, 2020, 8-K filing with the U.S. Securities and Exchange Commission (SEC), Steelcase confirmed the cyberattack’s occurrence and containment measures. The company stated it had no evidence of data loss or asset compromise resulting from the incident. While acknowledging the unpredictable nature of cyberattacks, Steelcase indicated it did not anticipate material operational or financial repercussions. Restoration efforts were ongoing at the time of the disclosure. BleepingComputer reported the ransomware’s identification through industry sources but noted uncertainties regarding the attack’s full scope beyond the confirmed network disruption and encryption activity.