January 27, 2025 · Applied Cybernetics Group
ENGLOBAL CORP — 8-K Item 1.05
- Filer
- ENGLOBAL CORP (ENGC)
- CIK
0000933738- Accession
0001654954-25-000798- Filed
2025-01-27- Records
- not stated
- Attacker
- unstated
- EDGAR
- https://www.sec.gov/Archives/edgar/data/933738/000165495425000798/eng_8ka.htm
Narrative (as filed)
As previously reported in the Original Form 8-K, on November 25, 2024, the Company became aware of a cybersecurity incident. The preliminary investigation revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files. Upon detecting the unauthorized access, the Company immediately took steps to contain, assess and remediate the cybersecurity incident, including beginning an internal investigation, engaging external cybersecurity specialists, and restricting access to its IT system. The cybersecurity incident limited the Company’s ability to access portions of its business applications that supported aspects of the Company's operations and corporate functions, including financial and operating reporting systems for approximately six weeks. As of the date hereof, the Company's operations and corporate functions have been fully restored, and the Company believes that the threat actor no longer has access to the Company's IT system. As part of its remediation efforts, the Company is working with cybersecurity experts to reinforce its IT system, strengthen its surveillance of cybersecurity threats and prevent future unauthorized access to its IT system. The cybersecurity incident involved the threat actor’s access to a portion of the Company’s IT system that contained sensitive personal information. The Company intends to provide notifications to affected and potentially affected parties and applicable regulatory agencies as required by federal and state law. Based on the information available to the Company as of the date hereof, the Company believes that the incident has not had a material impact and is not reasonably likely to have a material impact, on the Company, including the Company’s financial condition and results of operations, except as disclosed herein. Forward-Looking Statements This Amendment contains forward-looking statements within the meaning of the Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. These statements address the Company’s expectations or beliefs regarding future events, actions or performance, including the containment, assessment and remediation of the cybersecurity incident, the restoration of full access to the Company's operations and corporate functions, the threat actor’s access to the Company’s IT system, and the impact of the cybersecurity incident on the Company, including its financial condition and results of operations. Factors that could affect future developments and performance include the completion of the Company’s investigation, the possibility that containment and remediation may not be successful, the compromise or improper use of sensitive personal information resulting in negative consequences such as fines, penalties, or loss of reputation, the nature and scope of any claims, litigation or regulatory proceedings that may be brought against the Company as a result of the cybersecurity incident, the availability of insurance coverage, other legal, reputational and financial risks resulting from this or other cybersecurity incidents, the potential impact of this cybersecurity incident on the Company’s revenues, operating expenses, and operating results, and other risk factors contained in the Company’s Annual Report on Form 10-K for the year ended December 30, 2023, subsequent Quarterly Reports on Form 10-Q and other documents that the Company has filed with the SEC. 2