Hasbro Takes Some Systems Offline After Cybersecurity Incident

What happened

Hasbro took some systems offline after a cybersecurity incident that affected its ability to ship products and take orders. The company said its IT team discovered unauthorized access on March 28 and disclosed the incident in a filing with the Securities and Exchange Commission on Wednesday. Hasbro said it implemented containment measures to address the attack, including taking some systems offline entirely. The company also said it activated business continuity plans so it could continue taking orders, shipping products, and carrying out other key operations while it works to resolve the issue. According to the filing, interim measures may remain in place for several weeks and could cause delays. Hasbro also said it is reviewing files potentially impacted by the incident and will take any additional actions deemed necessary under applicable law. 

Who is affected

The direct impact falls on Hasbro’s operations, particularly order processing and product shipments. The company has not said how many systems or files were affected, but it confirmed that interim measures may continue for several weeks while the investigation remains ongoing. 

Why CISOs should care

This incident matters because it shows how a cyberattack can quickly force operational workarounds at a major consumer products company, affecting both order intake and fulfillment. It also highlights the need to balance containment decisions, such as taking systems offline, against the pressure to keep commercial operations running during an active response. 

3 practical actions

1. Prepare business continuity for order and shipping disruption: Ensure critical commercial workflows can continue under interim measures if core systems must be taken offline during a cyber incident. 
2. Treat containment decisions as operational decisions: Plan ahead for how security teams and business leaders will decide when to isolate systems, since Hasbro said some systems were taken offline entirely as part of containment. 
3. Scope potentially affected files early: Move quickly to identify which files may have been impacted so notification and legal response can proceed in line with applicable obligations. 

For more news about disruptive intrusions affecting business operations, click Cyberattack to read more.