Skip to main content

Toy Company Mattel Was Latest Victim Of Ransomware Attack

By November 14, 2020May 5th, 2022Cybersecurity

When you were growing up, your parents probably bought you all sorts of toys made by Mattel. From Hotwheels to Barbie to the full line of Toy Story toys and more, Mattel is a global force in the world of toys.

In fact, they are the second largest toy maker in the world, with more than 24,000 employees and gross revenue of nearly six billion dollars in 2019.

On July 28th, 2020, the company’s network was successfully breached and a strain of ransomware deployed against them, which encrypted some of the company’s files and caused disruptions in the firm’s ongoing operations.

The company released an official disclosure about the incident which reads in part, as follows:

“On July 28, 2020, Mattel discovered that it was the victim of a ransomware attack on its information technology systems that caused data on a number of systems to be encrypted. Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems. Mattel believes it has contained the attack and, although some business functions were temporarily impacted, Mattel was able to restore its critical operations.”

Part of the company’s response was to launch a forensic investigation in cooperation with law enforcement. That process has been completed, and based on its conclusion, Mattel updated their initial disclosure. It now says that it does not appear that any customer, supplier, consumer or employee data was exfiltrated by the hackers.

Of interest, neither the initial disclosure or the update gave any indication of the specific ransomware strain used, or the exact scale of the impact. Although there’s circumstantial evidence that suggests the strain in question was Trickbot.

Whatever the strain, the bottom line is that no customer data appears to have been stolen. So if you have an account on Mattel’s website, there’s nothing you need to do, except be aware that the attack occurred.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.