Cadre Holdings investigates cybersecurity incident

Cadre Holdings, a leading provider of safety and survival products, disclosed a serious cybersecurity incident in a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC). In the incident, discovered on July 15, 2024, an unauthorized third party gained access to certain of the company’s technology systems.

After discovering the breach using its security tools, Cadre Holdings said it immediately activated its standard response protocols, which included immediate containment measures, ongoing assessment and remediation of the incident. The company also engaged third-party cybersecurity experts to assist with the investigation, activated its incident response plan, notified federal law enforcement and took certain systems offline as a precautionary measure.

Cadre Holdings security breach in detail

According to the company profile on Linkedin, Cadre Holdings was founded in 2021 and is headquartered in Jacksonville, Florida. The company describes itself as a global provider of safety and survival products for first responders, federal agencies, outdoor recreation, and personal protection.

The company’s primary products include body armor, explosive ordnance disposal equipment and duty gear. Its highly engineered products are used in over 100 countries by federal, state and local police, fire and rescue personnel, explosive ordnance disposal teams and paramedics. Key brands include Safariland and Med-Eng. The company employs approximately 5,000 people, including two associate members.

In its filing with the SEC, the company stated: “On July 15, 2024, Cadre Holdings, Inc. discovered that the Company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain of the Company’s technology systems.

“After discovering the incident using its security tools, the company immediately initiated its standard response protocols to contain, assess and remediate the incident, including initiating an investigation by third-party experts, activating its incident response plan, notifying federal law enforcement, and exercising extreme caution in taking certain systems offline,” it said.

Despite these immediate actions, Cadre Holdings mentioned that the investigation is still in its early stages. Consequently, the scope, nature and potential impact of the cybersecurity breach remain undetermined. Although the company stated that certain operations were affected, it is currently unclear whether the incident will have a material impact on the company’s financial condition or results of operations.

The company has stressed that it is working diligently to understand the extent of the incident and restore normal operations as quickly as possible. The filing on Form 8-K states: “The Company’s investigation and response are ongoing.” It goes on to say: “The Company cannot determine at this time whether the incident has had or will have a material impact on the Company’s financial condition or results of operations.”

Cadre Holdings included a cautionary statement regarding forward-looking statements in its Form 8-K. The company acknowledged that these statements are based on its current beliefs and expectations, but could change as the investigation progresses. Factors that could affect actual results include the ongoing assessment of the cybersecurity incident and its potential legal, reputational and financial impact.

While the nature of the data accessed remains unknown, the possibility of product design or vulnerability information being compromised could have serious consequences. Cadre Holdings has assured its stakeholders of transparency and will provide updates as the investigation progresses. Cadre Holdings’ commitment to resolving the situation and minimizing negative impacts on its stakeholders is demonstrated by its rapid and comprehensive response. As the investigation continues, the company intends to enhance its cybersecurity measures to prevent future incidents.

Related