DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Double trouble for JAKKS Pacific: double locked by two ransomware groups

Posted on December 28, 2022 by Dissent

JAKKS Pacific, Inc. describes itself as leading designer, manufacturer and marketer of toys and consumer products sold throughout the world. The firm is headquartered in Santa Monica, California. Its proprietary brands include Fly Wheels®, Perfectly Cute®, ReDo Skateboard Co.®, X Power Dozer®, Disguise®, Weee-Do™ and a wide range of entertainment-inspired products.

On December 8, JAKKS became the victim of not one, but two, ransomware teams. Their data was locked by Hive and it was also locked by ALPHV (BlackCat).  According to a statement by Hive’s spokesperson to DataBreaches, the two groups agreed on one price they would split if JAKKS paid: $5 million. But also according the spokesperson, JAKKS did not negotiate at all.

On December 19, Hive started leaking data they had exfiltrated.

Listing on Hive's leak site for Jakks Pacific
Hive’s listing indicates data were locked on December 8 and leaked on December 19.

 

On December 28, BlackCat added JAKKS to their leak site.

Listing for JAKKS Pacific on ALPHV's leak site includes screencaps of folders and files
Some of the folders and files show they were accessed on December 8, the same day that Hive also accessed them to lock them.

BlackCat attached five screencaps of directories as proof but have not leaked any actual files as yet.

DataBreaches asked Hive how they and BlackCat wound up locking JAKKS on the same day. Their spokesperson stated that both groups had bought access to JAKKS from the same internet access broker or affiliate.

JAKKS Responds to the Incident

On December 22, JAKKS posted a notice on its website:

Notice of Recent Cyberware Attack – December 22, 2022

On December 8, 2022, JAKKS experienced what many other companies have been and are experiencing: a ransomware attack by bad actors who inserted malware into JAKKS’ computer network and locked up our servers.

We promptly retained cyber forensics specialists who are actively investigating the incident, helping to restore our servers, taking steps to prevent a recurrence, and utilizing additional security measures to help safeguard the integrity of our system’s infrastructure and the data contained therein. Our Form 8-K describing the event was filed on December 15, 2022, and can be found at https://www.jakks.com/investors/sec-filings.php.

We believe that the data that was unlawfully accessed potentially includes personal information (including names, emails, addresses, taxpayer identification numbers, and banking information of affected individuals and businesses).

We suggest that you immediately take appropriate protective measures to safeguard your personal and banking information.

This is an ongoing investigation. JAKKS regrets any inconvenience this incident may cause. Be assured that we have been and will continue working diligently to protect the security and confidentiality of the information contained in our computer network, as we get our network up and running.

No related posts.

Category: Business SectorMalwareOf Note

Post navigation

← CommonSpirit Gets Restraining Order in Missing Patient Info Suit (UPDATED)
Counsel for alleged member of ShinyHunters tries a legal “Hail Mary” play to block extradition →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.