Gates Industrial Corporation plc

Gates Corporation, also known as Gates Industrial Corporation plc, is an industrial manufacturer headquartered in the United States of America. The company's core business involves the design, manufacture, and distribution of products for power transmission and fluid power systems, serving industrial markets. Its product portfolio includes belts, hoses, and related components critical for machinery and equipment across various sectors. The organization operates as a significant entity within its specialized field, with a manufacturing and operational footprint that includes multiple facilities. The incidents from early 2023 confirm the company maintains a substantial workforce, as the breaches specifically targeted and compromised sensitive human resources data for employees. This data included personally identifiable information such as names, Social Security numbers, addresses, dates of birth, direct deposit details, and government-issued identification documents.

The company's operational scale and resilience were tested by two significant cyber incidents in February 2023. The first event was a ransomware attack that resulted in the exfiltration of employee data from human resources files. The second, shortly thereafter, was a malware attack that disrupted information technology systems, causing a temporary suspension of production and shipping operations across most of its facilities. In response, the company activated its incident response and business continuity plans, engaged external cybersecurity experts and law enforcement, and restored operations without fulfilling ransom demands. These events highlight the organization's role as a target for cybercriminals due to its industrial significance and the sensitive data it holds. While the full financial and operational impacts were still being assessed following system restoration, the incidents underscore the critical nature of its industrial supply chain position and the potential for widespread disruption from cyber attacks. The company's handling of these breaches, including notifications to affected individuals as required, forms a notable part of its recent operational history.