Cyber Attack on Comer Industries Systems

Reggiolo, March 14, 2025

Dear Collaborators, Customers and Suppliers,

Comer Industries wishes to inform you that on March 2, 2025, our IT systems suffered a malware attack. Thanks to the prompt activation of security protocols and the intervention of our IT team and cybersecurity experts, the incident was managed with maximum effectiveness, limiting damage and preventing further compromises.

Following the attack, we received a ransom request which was not followed up, as we firmly believe that yielding to such requests is against our company values and best cybersecurity practices.

Although investigations into this highly sophisticated attack are still ongoing, we can confirm that the illegally obtained information concerns some data related to our employees and former employees, suppliers, consultants, and some customers.

Regarding customer data, we can confirm that no information related to EDI (Electronic Data Interchange) connections was stolen.

We wish to emphasize that all information in the possession of cybercriminals was acquired illegally and that any use, dissemination, or acquisition of such data by third parties constitutes an offense punishable by the competent authorities. Comer Industries promptly informed all relevant authorities, including the Data Protection Authority and stakeholders involved in the data breach, actively collaborating in ongoing investigations.

 

Security Enhancement Actions

In response to this event, Comer Industries has adopted extraordinary measures to further enhance the security of its IT infrastructure. Among the main interventions, we have:

Installed advanced threat detection and response systems (XDR) for proactive protection against future attacks. Conducted a hardening operation of the systems to strengthen the resilience of our IT platforms. Thoroughly reviewed and updated our security policies to align them with the highest industry standards. Carried out a massive reset of infrastructure passwords to ensure secure and controlled access to our systems. 
 

Thanks to these measures, we can exclude the possibility of the attacker accessing other IT infrastructures through vulnerabilities previously exploited in the attack on Comer Industries.

 

Restoration of Activities

We wish to reassure you that the restoration of our IT systems has been successfully completed and that there have been no significant impacts on business due to the temporary suspension of services.

We deeply regret the incident and any inconvenience or concern it may have caused to our stakeholders. We will continue to invest in the best technologies and security strategies to ensure the protection of information and the operational continuity of our company.

For any further information or clarification, our team remains at your disposal through the following channels:

– Internal Privacy Office: privacy@comerindustries.com
– Data Protection Officer: infodpo@kncm.it
 

Best regards,

Comer Industries S.p.A.