In a regulatory filing with the Securities and Exchange Commission on Tuesday, HanesBrands said that on May 24 it had suffered a ransomware attack. The Winston-Salem, North Carolina-headquartered company notified law enforcement and followed its incident response protocols.
HanesBrands participates in the promotional products industry as suppliers Hanes/Champion/ComfortWash (PPAI 191138, S10) and Alternative Apparel (PPAI 217134, S5).
The Incident: In its filing with the SEC, HanesBrands noted that it became aware of the ransomware attack on May 24. The company activated its incident response and business continuity plans to contain issue, and its forensic investigation and assessment is ongoing. HanesBrands reports that it is still in the early stages of its assessment and is unable to determine at this time whether the incident will have any impact on its business, operations or finances.
The company also notified law enforcement and is cooperating with their investigation, and says that it has engaged legal counsel, a cybersecurity forensic firm and other incident response professionals.
Cybercrime: In a first quarter survey of business leaders on what they perceive as their most acute business risks, research firm Gartner found that ransomware attacks were at the top of their list, ahead of even such hot-button issues as the pandemic, inflation and supply chain woes.
The issue is under government scrutiny as well. In March, the U.S. Senate passed the Strengthening American Cybersecurity Act of 2022 with broad bipartisan support. The legislation includes several measures to improve information security.
Cyber attacks can hobble businesses and have far reaching effects. A ransomware attack last October on Green Bay, Wisconsin-based Schreiber Foods, a major milk producer, disrupted the wider cream cheese supply. Philadelphia Cream Cheese rolled with the shortage, producing a marketing campaign to guide consumers through the cream cheese drought over the holiday season.
Seattle-based logistics and freight-forwarding company Expeditors International of Washington, Inc. was the subject of a targeted cyber-attack in February, and shut down most of its operating systems globally to manage the safety of its overall global systems environment. While no marketing campaign came out of the incident, the company warned that it could have a material adverse impact on its business, revenues, results of operations and reputation.
PPAI’s Director of Information Technology, Paul Elfstrom, has stated that importance of creating awareness across all company employees and training them to identify red flags and potential cyber threats. “It’s the world we live in now.