The household toys and games manufacturer Hasbro experienced a recent security incident. However, the company indicated it will continue taking orders and shipping products, though some delays may occur during remediation efforts.
In an 8-K filing with the Securities and Exchange Commission (SEC), Hasbro disclosed that on March 28 it discovered "unauthorized access" within its network. The details provided point to both immediate operational challenges and proactive resilience measures.
On the positive front, the company demonstrated preparedness for such scenarios. Unlike organizations that must fully shut down operations during major incidents, Hasbro "has implemented and continues to implement business continuity plans to enable it to continue to take orders, ship product, and conduct other key operations while it resolves this situation."
To contain the issue, Hasbro had to take certain systems offline. The company noted that these interim business continuity measures "may continue for several weeks before the situation is fully resolved and may result in some delays."
Benny Lakunishok, CEO and co-founder of Zero Networks, speculates that the incident might involve ransomware—alluding to it with the phrase "handsome mare"—and observes that the wording in Hasbro's filing warrants attention. "The fact that they said unauthorized access, and the fact that they are saying full recovery could take several weeks — those are red flags," Lakunishok adds.
Retail sector risks
"[Retail] remains a high-value target because it combines sensitive customer data with operational complexity," says Kevin Marriott, director of cyber content strategy and IP at Immersive. "Companies like Hasbro sit across global supply chains, ecommerce platforms, and third-party ecosystems, creating a wide and often fragmented attack surface," making them frequent targets for opportunistic, financially motivated, and supply-chain-focused threat actors.
Lakunishok adds that, similar to other manufacturing entities, Hasbro prioritizes keeping production and fulfillment lines operational. "That's priority number one: they have a lot of orders, so there's a lot at stake if there's any ransomware or [disruption] of a fulfillment line. That's a lot of money [on the line], so if it's about paying $10 million, that's something they might do."
Hasbro has not specified the exact nature of the unauthorized access. The company has not yet responded to Dark Reading's request for additional details.
Maintaining production continuity
Security incidents can severely disrupt operations, sometimes forcing production lines to halt entirely. Last year, Jaguar Land Rover experienced a ransomware incident that caused weeks of shutdowns, leading to hundreds of millions of dollars in losses for the company and affecting the broader UK economy.
In the retail sector, Marriott notes it is rare for organizations to maintain normal operations during an active security event. "There is often a significant level of disruption across logistics, customer services, payments or internal system access," he adds.
Marriott emphasizes the importance of focusing on both prevention and incident response planning. "It's about ensuring teams across an organization are prepared to both recognise and respond when something inevitably gets through. Businesses that regularly test their people through real-world simulations build the muscle memory needed to identify these tactics early and contain threats quickly."
Despite the limited details, Marriott commends Hasbro for keeping production running. "What we have seen so far from Hasbro's incident response suggests that they have effective planning and the right controls in place, which have so far enabled them to navigate a cyber incident without it escalating into a full-scale operational crisis," he observes. "This doesn't happen by accident. It's the result of organizations that have gone beyond static plans and have actively tested how they would respond under pressure."