{
	"id": "59c22611-89cc-4650-8c5a-a88bbef69c1d",
	"created_at": "2026-04-06T00:10:04.739886Z",
	"updated_at": "2026-04-10T03:20:41.231372Z",
	"deleted_at": null,
	"sha1_hash": "84379794e2ade1a385f562be6c19e00f2e5b7d03",
	"title": "Toy maker Jakks Pacific reports cyberattack after multiple ransomware groups leak data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 250529,
	"plain_text": "Toy maker Jakks Pacific reports cyberattack after multiple\r\nransomware groups leak data\r\nBy Jonathan Greig\r\nPublished: 2023-02-02 · Archived: 2026-04-05 14:05:08 UTC\r\nToy production giant Jakks Pacific reported a cyberattack to the U.S. Securities and Exchange Commission last\r\nweek after two different ransomware gangs posted stolen information to their leak site.\r\nOn December 22, the company released a notice confirming it had suffered a ransomware attack on December 8\r\nthat encrypted their servers.\r\nThe firm – which is one of the biggest toy companies in the world thanks to licensing deals with Disney and\r\nNintendo – hired cybersecurity experts to deal with the incident and restore their servers.\r\nThe company filed documents with the SEC in mid-December confirming the incident.\r\n“We believe that the data that was unlawfully accessed potentially includes personal information (including\r\nnames, emails, addresses, taxpayer identification numbers, and banking information of affected individuals and\r\nbusinesses),” the company said in a statement. \r\n“We suggest that you immediately take appropriate protective measures to safeguard your personal and banking\r\ninformation. This is an ongoing investigation.”\r\nThe company said it is still working to restore its network and to “protect the security and confidentiality of the\r\ninformation contained in our computer network.”\r\nIn its letter to the SEC, CFO John Kimble said the company used “containment protocols to mitigate the impact of\r\nthe threat” but realized on December 14 that “certain data, including personal data of employees, had been\r\nextracted from the Company’s IT System.”\r\n“The Company is in the early stages of its investigation and assessment of the incident. Based on the information\r\ncurrently known, the Company does not currently believe the incident will have a material adverse impact on its\r\nbusiness, operations or financial results,” Kimble said, noting that it is still investigating what other information\r\nmay have been accessed. \r\nhttps://therecord.media/toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data/\r\nPage 1 of 4\n\nThe company reported record profits in 2022 thanks to the success of merchandise resulting from films like\r\nDisney's \"Encanto\" and \"Sonic the Hedgehog.” Jakks is expecting an even bigger 2023 with the coming release of\r\nthe \"Super Mario Brothers\" movie. \r\nBut the attack on the company caused a minor stir among cybersecurity experts because two different ransomware\r\ngroups – Hive and BlackCat – posted data stolen from Jakks.\r\nHive leaked first, posting stolen information on December 19. BlackCat followed on December 28, with\r\nscreenshots of information uploaded to their leak site. \r\nA spokesperson for the Hive ransomware gang told DataBreaches that both groups bought access to the\r\ncompany’s network from an initial access broker and agreed to split a $5 million ransom. \r\nThe company refused to pay and did not negotiate, the representative said. \r\nThe situation highlights one of the more underreported aspects of the ransomware ecosystem: the prevalence of\r\ninitial access brokers and wholesale access markets.\r\nhttps://therecord.media/toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data/\r\nPage 2 of 4\n\nMany ransomware groups typically do not attack companies themselves, instead buying access from hackers who\r\ndo the initial leg work and then sell the spoils. \r\nIn September, experts said they had traced almost 700 ransomware incidents back to wholesale access markets —\r\nplatforms where people sell access to compromised endpoints, and more.\r\nOne initial access broker told The Record in August that it is also common for affiliates from the different\r\nransomware groups to compete in the same network to extort victims. \r\nhttps://therecord.media/toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data/\r\nPage 3 of 4\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data/\r\nhttps://therecord.media/toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data/"
	],
	"report_names": [
		"toy-maker-jakks-pacific-reports-cyberattack-after-multiple-ransomware-groups-post-stolen-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434204,
	"ts_updated_at": 1775791241,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/84379794e2ade1a385f562be6c19e00f2e5b7d03.pdf",
		"text": "https://archive.orkl.eu/84379794e2ade1a385f562be6c19e00f2e5b7d03.txt",
		"img": "https://archive.orkl.eu/84379794e2ade1a385f562be6c19e00f2e5b7d03.jpg"
	}
}