[German]Data I/O, a provider of data programming for flash memory, microcontrollers, and logic, has been the victim of a ransomware attack. The attack, which took place on August 16, 2025, has affected production. Data I/O's customers include many German companies as well as Amazon, Microsoft, and others.
Who is Data I/O?
Data I/O is a provider of manual and automated data programming and security provisioning systems for flash memory, microcontrollers, and logic devices. Founded in 1969, the company developed devices that allowed electronics developers to program non-volatile semiconductor devices with data stored on punch cards or ASCII-encoded (eight-bit) paper tape.
These products were used in the development and manufacture of systems used in industries such as the Internet of Things (IoT), medical development, and consumer electronics. Over the next three decades, the company focused on technologies such as bipolar, EPROM, EEPROM, NOR FLASH, antifuse, FRAM, NAND FLASH, eMMC, and Universal Flash Storage (UFS) devices. Data I/O is now the world's leading manufacturer of systems for security provisioning and device programming. Its customers include Amazon, Apple, Google, and Microsoft.
Ransomware infection as of August 16, 2025
On August 16, 2025, Data I/O Corporation experienced a ransomware incident on certain internal IT systems, as disclosed by the company in this 8-K filing with US authorities. Upon discovery, the company immediately activated its response protocols, took steps to secure its global IT systems, and contained the incident. This included proactively shutting down certain platforms and implementing additional remediation measures.
The company also hired cybersecurity experts to assist in restoring its IT systems and conducting a comprehensive investigation. Based on the findings, the company will take further action as necessary, including notifying affected individuals and regulatory authorities in accordance with applicable laws.
The ransomware attack "temporarily disrupted the company's operations, including internal/external communications, shipping, receiving, manufacturing, and various other support functions," The Register quotes in this article on the incident. Data I/O also states that while some functions have been restored, others remain offline and there is no timeline for resolution.
The company is working intensively to restore the affected systems. The incident has temporarily impacted the company's operations, including internal/external communications, shipping, receiving, manufacturing, and various other support functions. While the company has taken steps to restore some operational functions, the timeline for full restoration is not yet known. As the investigation into the incident is ongoing, the full scope, nature, and impact are also not yet known.
