Nothing is sacred: Ransomware attack hit toy maker Mattel’s systems this summer

Mattel said it escaped from the attack with little damage.
(Getty Images)

Count the company behind Barbie dolls and Fisher-Price toys among the ever-growing list of digital extortion victims.

A ransomware attack struck toy manufacturer Mattel this summer, the company said in a financial disclosure to the U.S. Securities and Exchange Commission. In a year when ransomware has threatened elections, hospitals and schools, the attack on Mattel demonstrates once more that the attack method is leaving no kind of target untouched.

In its Nov. 3 quarterly report, Mattel said it emerged from the attack largely unscathed, however. It discovered the intrusion on July 28, when a number of its IT systems became encrypted.

“Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems,” the company said. “Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations.”


The report continued: “A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified. There has been no material impact to Mattel’s operations or financial condition as a result of the incident.”

This wasn’t Mattel’s first brush with hackers. Cybercriminals tricked an executive in 2015 into sending over $3 million.

Latest Podcasts