As if COVID-19 wasn't bad enough, Steelcase reported Thursday that the Cyberattack on their systems was much worse than originally reported.
Steelcase’s latest Form 8-K filed Thursday highlights the devastation that ensued after the company reported the attack on Oct. 22. In that initial filing, Steelcase stated that “although cyberattacks can be unpredictable, (Steelcase) does not currently expect this incident will have a material impact on its business operations or its financial results.”
And, it turns out, Thursday's filing paints a very different picture. In it, Steelcase noted that it shut down most of its global order management, manufacturing, and distribution systems for two weeks following the attack. The company now says that operations have returned to normal.
“(Steelcase) has resumed normal operations and is working to ship orders delayed by the shutdown and to return to normal order lead times,” the filing said. “Due to the time of the operational shutdown, which spanned into early November, (Steelcase) expects that some shipments which were originally scheduled for the company’s third-quarter will not ship until the fourth quarter.”
The company says it incurred additional costs for overtime and expedited freight as it works through the backlog of orders. Steelcase also incurred costs related to remediating, restoring, and reinforcing its IT systems.
Steelcase also suggested there is no evidence that sensitive business data — including intellectual property and customer, supplier, and employee data — had been exfiltrated from the system.