February 24, 2026 · Applied Cybernetics Group
UFP TECHNOLOGIES INC — 8-K Item 1.05
- Filer
- UFP TECHNOLOGIES INC (UFPT)
- CIK
0000914156- Accession
0001628280-26-011152- Filed
2026-02-24- Records
- not stated
- Attacker
- unstated
- EDGAR
- https://www.sec.gov/Archives/edgar/data/914156/000162828026011152/ufpt-20260219.htm
Narrative (as filed)
Through the Company’s efforts, the Company believes that the third party responsible for this cybersecurity incident has been removed from the Company’s IT systems, and the Company’s ability to access information impacted by this incident has been restored in all material respects. The incident appears to have impacted many but not all of the Company’s IT systems and affected functions such as billing and label making for customer deliveries. Certain Company or Company-related data appear to have been stolen or destroyed. As a result of the Company’s contingency plans and data backup systems, the Company implemented planned solutions for the issues posed by the incident. The Company’s operations have continued since the detection of the cybersecurity incident in all material respects. Although the Company has ascertained that certain files were exfiltrated, it is still investigating the extent of any sensitive information contained in the accessed systems, including whether any personal information was exfiltrated. It is evaluating what legal and regulatory notifications and filings may be required as a result of this incident and will make such filings as are required based on its findings. The Company continues to investigate the nature and scope of the unauthorized access. The Company currently expects that a significant portion of its direct costs incurred relating to containing, investigating and remediating the cybersecurity incident will be reimbursed through insurance recoveries. As of the date hereof, the incident has not had a material impact on the Company’s financial systems, operations or financial condition. While the Company’s investigation and assessment of this incident is ongoing, as of the date of this filing, the Company believes its primary IT systems are operational in all material respects and the Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations. Cautionary Statement Regarding Forward-Looking Statements This Current Report on Form 8-K contains statements about future events and expectations which are “forward-looking statements” within the meaning of Sections 27A of the Securities Act of 1933, as amended, and 21E of the Securities Exchange Act of 1934, as amended. Forward-looking statements can be identified by forward-looking words such as “may,” “might,” “could,” “would,” “should,” “will,” “anticipate,” “believe,” “plan,” “estimate,” “project,” “expect,” “intend,” “seek,” “are encouraged,” and other similar expressions. Any statement contained in this Current Report on Form 8-K that is not a statement of historical fact may be deemed to be a forward-looking statement. All forward-looking statements involve risks, uncertainties and other factors that may cause actual results to differ materially from those expressed or implied in the forward-looking statements. For example, all statements regarding the impact of the incident described above on the Company and its operations, financial systems, or financial condition, the scope of the investigation, expectations regarding the adequacy of insurance, the Company’s plans, objectives, projections and expectations regarding the Company’s operations or financial condition, and assumptions related thereto are all forward-looking statements. Factors that might cause the Company’s actual results to differ materially from those anticipated in forward-looking statements include, but are not limited to, the Company’s ongoing assessment of the impacts of the cybersecurity incident, including the Company’s potential discovery of additional information related to the incident in connection with its investigation or otherwise; the Company’s expectations regarding its ability to contain and remediate the cybersecurity incident; the impact of the cybersecurity incident on the Company’s relationships with customers, employees, and governmental regulators; the legal, reputational, and financial risks resulting from the cybersecurity incident, including as may arise from the exfiltrated data or any potential regulatory inquiries and/or litigation to which the Company may become subject in connection with the incident; any further or still undetected cyber security incident; and remediation and other additional costs that may be incurred by the Company in connection with the investigation and remediation of the incident. The forward-looking statements speak only as of the date of this Current Report on Form 8-K. The Company undertakes no obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise, except as required by applicable law. For additional information on identifying factors that may cause actual results to vary materially from those stated in forward-looking statements, see the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2024, and the Company’s subsequent filings with the Securities and Exchange Commission. SIGNATUREPursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.UFP Technologies, Inc.Date: February 24, 2026By: /s/ Ronald J. Lataille Ronald J. LatailleChief Financial Officer and Senior Vice President