Amazon, Apple, Google, and Microsoft among major customers

Data I/O, a leading electronics manufacturer with a client base that includes global technology giants such as Amazon, Apple, Google, and Microsoft, has confirmed that it recently suffered a ransomware attack that continues to disrupt its operations. The incident, which the company disclosed to federal regulators on August 16 through a Form 8-K filing with the U.S. Securities and Exchange Commission, has temporarily crippled several essential business functions.

According to the filing, the ransomware infection impacted a wide range of internal and external systems, from communications and shipping to manufacturing production and customer support services. While some systems have since been restored, others remain offline, and the company has not provided a clear timeline for when full functionality will return. An active investigation is ongoing.

Data I/O reported that upon discovering the malware, it immediately activated its cyber incident response protocols, taking certain platforms offline as a precautionary measure, deploying containment strategies, and initiating recovery procedures. The company also engaged outside cybersecurity experts to assist in restoring services and conducting a detailed forensic investigation into the breach.

At present, it is not known whether sensitive data was stolen during the attack. Data I/O declined to provide further details and did not respond to questions about potential customer data exposure. Additionally, no ransomware groups have claimed responsibility for the incident, and the company has not appeared on any of the prominent data leak sites often used by cybercriminals to pressure victims into paying ransoms.

The scale of the attack is particularly concerning given Data I/O’s prominent role in global supply chains. Beyond serving leading technology firms, the company also provides programming systems to major automotive and industrial manufacturers. Its technology is widely used in programming engine control units, braking systems, and industrial IoT devices—components that are critical to safety, performance, and security. This makes the company a highly attractive target for cybercriminal groups looking to exploit vulnerabilities and extract high-value data.

The attack comes at a time when ransomware incidents are rising sharply across the industrial sector. A 2024 report from Dragos, a security firm specializing in operational technology, revealed that ransomware attacks on industrial organizations increased by 87 percent compared to the previous year, with 1,693 recorded incidents. Among these, a quarter resulted in complete shutdowns, while the remaining 75 percent caused partial disruptions.

These findings align with statistics from the FBI’s Internet Crime Complaint Center (IC3), which noted that ransomware was the most significant cyber threat facing critical infrastructure organizations in 2024. The agency received nearly 4,900 cybersecurity-related complaints from this sector last year alone, including more than 1,400 related specifically to ransomware. The most commonly reported ransomware variants were Akira, LockBit, RansomHub, Fog, and PLAY.

Given its portfolio and the sensitive nature of its technology, the attack on Data I/O underscores the growing vulnerability of firms that form the backbone of global tech, automotive, and industrial supply chains. The incident is a reminder of how ransomware has evolved into a pervasive threat capable of undermining critical infrastructure, disrupting business continuity, and endangering both corporate and consumer data.