Major Electronics Manufacturer Struck by Ransomware, Halting Operations
On August 16, the American company Data I/O—one of the world’s largest electronics manufacturers serving clients such as Amazon, Apple, Google, and Microsoft—fell victim to a ransomware attack. The incident proved so severe that the company has yet to fully restore its operations, as disclosed in a notice filed with the U.S. Securities and Exchange Commission (SEC).
The disruption struck at the heart of the enterprise: internal and external communications, warehouse management, production lines, logistics, and supporting services were all temporarily impaired. While some systems have since been brought back online, others remain unavailable, and the company has not provided a timeline for full recovery. An investigation into the breach is ongoing, but there is no confirmation yet on whether customer data was stolen. No known cybercriminal group has claimed responsibility, nor has Data I/O appeared on the leak sites where stolen data is typically published.
According to the SEC filing, the ransomware encrypted the company’s internal IT systems. Once the infection was detected, Data I/O activated its incident response plan, disconnected portions of its network to contain the threat, and implemented additional security measures. External cybersecurity experts were brought in to assist with restoring infrastructure and analyzing the attack.
Data I/O serves not only global technology giants but also leading automobile and industrial manufacturers. Its equipment is used to program electronic control units (ECUs) for engines, braking systems, and instrument panels. The company’s solutions also power the Internet of Things and industrial automation by embedding firmware and cryptographic keys into devices at the assembly stage. This makes Data I/O a particularly attractive target: the theft of such sensitive data could enable both extortion and industrial espionage.
The rise in attacks on industrial organizations is well-documented. According to cybersecurity firm Dragos, ransomware incidents in this sector surged by 87% in 2024, reaching 1,693 cases. In a quarter of these, operations were brought to a complete standstill, while in the remainder, activity was partially disrupted. Similar findings were reported by the FBI’s IC3 division, which confirmed that ransomware remains the single greatest threat to critical infrastructure. In 2024 alone, the bureau recorded nearly 4,900 incidents in this category, with 1,403 involving ransomware. The most common strains included Akira, LockBit, RansomHub, Fog, and PLAY.
The case of Data I/O therefore fits into a broader and deeply troubling pattern: cybercriminals are increasingly targeting the industrial sector and hardware manufacturers, banking on the devastating impact of operational paralysis and the victims’ willingness to pay for both the resumption of business and the protection of their most valuable data.
