Smiths Group has disclosed a cybersecurity incident involving unauthorised access to its systems. The London-listed engineering company, which operates across multiple sectors including energy, security, aerospace, and defence, has implemented measures to contain the breach.
According to a statement filed with the London Stock Exchange, the company identified the unauthorised activity and responded by isolating affected systems. Business continuity plans were activated to minimise disruption. “The incident has involved unauthorised access to the company’s systems,” the company stated. “As soon as Smiths became aware of the unauthorised activity, the company rapidly isolated affected systems and activated business continuity plans.”
Investigation and regulatory compliance
Smiths Group is working with cybersecurity specialists to assess the scale of the breach and restore impacted systems. The company has also stated that it is complying with all relevant regulatory requirements. However, no details have been provided regarding the cause of the breach, the exact timeframe of detection, or whether business or customer data has been compromised. The company has stated that it will provide updates “as appropriate”.
Following the announcement, Smiths Group shares declined by as much as 2.3% in early trading. The incident is the latest in a series of cybersecurity breaches reported across various industries. The cybersecurity breach at Smiths Group follows a series of similar incidents affecting organisations worldwide. Earlier this month, the International Civil Aviation Organization (ICAO), a United Nations specialised agency, confirmed a data breach impacting nearly 12,000 individuals. The breach, involving the unauthorised release of recruitment-related data, was initially reported last week and remains under investigation.
ICAO, which has 193 member countries, stated that the breach involved the exposure of approximately 42,000 recruitment records spanning from April 2016 to July 2024. Following an internal review, the agency confirmed that 11,929 individuals were directly affected by the unauthorised data disclosure. Last week, US-based business services firm Conduent confirmed that a system outage was caused by a cybersecurity incident. Around the same time, Hewlett Packard Enterprise (HPE) stated it was investigating claims of a data breach after a threat actor allegedly obtained documents from its developer environments.
In the UK, domain registry Nominet recently disclosed that its network was compromised in early January through an Ivanti VPN zero-day vulnerability. This vulnerability has been linked to cyber espionage activity associated with a group known as UNC5337.
Smiths Group, which employs more than 15,000 people across 50 countries, reported £3.13bn in revenue last year. The company has not yet indicated whether the breach has had a material impact on its operations.
Read more: Change Healthcare ransomware attack exposes data of 190 million people
