The Bassett Furniture ransomware attack has forced the company to shut down its manufacturing facilities, causing significant operational disruptions. Bassett Furniture Industries, one of the largest furniture companies in the U.S., had to shut down its manufacturing facilities following a ransomware attack that began last week. The ransomware attack on Bassett Furniture significantly disrupted its operations, prompting an immediate response from the company.

On July 10, Bassett Furniture discovered unauthorized access to its IT systems, resulting in the encryption of some data files by the hacker. The company swiftly activated its incident response plan, shutting down certain systems to contain the breach, as detailed in a regulatory filing on Monday.

To contain the breach, Bassett Furniture shut down its manufacturing facilities. “Due to the Company’s containment measures, which included shutting down some systems, the Company has not been, and, as of the date of this Report, is not operating its manufacturing facilities,” stated Bassett Furniture in an 8-K filing with the Securities and Exchange Commission (SEC).

Despite the disruptions, Bassett Furniture assured customers that its retail stores and e-commerce platform remain operational, allowing orders and purchases of available merchandise. However, the company noted that its order fulfillment capability is currently impacted.

Company officials are working diligently to restore affected systems and implement workarounds to mitigate the disruption caused by the ransomware attack on Bassett Furniture. The company acknowledged that the attack “has had and is reasonably likely to continue to have a material impact on the Company’s business operations until recovery efforts are completed.”

While the full financial impact of the ransomware attack on Bassett Furniture remains uncertain, the company has not ruled out the possibility of a material impact on its financial performance. As of Tuesday afternoon, no ransomware group had claimed responsibility for the attack.

With nearly 90 stores across the U.S., Bassett Furniture is one of the largest manufacturers and marketers of furniture in the country. On the same day as the ransomware attack, the company reported a 17% decrease in revenue for the second quarter of 2024 compared to the previous year.

This incident comes amid a rising trend of cybersecurity incidents being reported to the SEC. New regulations requiring companies to quickly disclose financially “material” cybersecurity incidents took effect for most companies on December 18, with smaller companies given an additional 180 days to comply. These rules have sparked controversy, with companies and lawmakers questioning the definition of a “material cybersecurity incident” in the context of frequent cyber intrusions faced by large organizations.

Since the new rules were implemented, most SEC filings have stated that cyberattacks did not have a “material” effect on the company’s bottom line, despite subsequent acknowledgments of significant financial losses due to incident recovery costs or operational shutdowns. This week alone, both UnitedHealth and a major car dealership company reported substantial financial impacts from cybersecurity incidents.

The ransomware attack on Bassett Furniture underscores the growing threat of cyberattacks and their potential to cause significant operational and financial disruption for large companies.