0000351998false00003519982025-08-162025-08-16iso4217:USDxbrli:sharesiso4217:USDxbrli:shares
UNITED STATES SECURITIES AND EXCHANGE COMMISSION |
|
FORM 8-K |
CURRENT REPORT |
Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 |
|
Date of Report (Date of earliest event reported): August 16, 2025 |
Data I/O Corporation |
(Exact name of registrant as specified in its charter) |
Washington | | 0-10394 | | 91-0864123 |
(State or other jurisdiction of incorporation) | | (Commission File Number) | | (IRS Employer Identification No.) |
6645 185th Ave. N.E., Suite 100, Redmond, WA 98052 |
(Address of principal executive offices, including zip code) |
|
(425) 881-6444 |
(Registrant’s telephone number, including area code) |
|
Not Applicable |
(Former name or former address, if changed since last report) |
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
☐ | Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) |
| |
☐ | Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) |
| |
☐ | Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) |
| |
☐ | Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) |
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act ☐
Items reported in this filing:
Item 1.05 Material Cybersecurity Incidents.
Item 1.05 Material Cybersecurity Incidents.
On August 16, 2025, Data I/O Corporation (the “Company”) experienced a ransomware incident (the “Incident”) on certain of its internal IT systems. Upon discovery, the Company promptly activated its response protocols, took steps to secure its global IT systems and implemented containment measures, including proactively taking certain platforms offline and implementing other mitigation measures. The Company also engaged leading cybersecurity experts to support the IT system recovery and conduct a comprehensive investigation. Based on the findings, the Company will take additional actions as appropriate, including notifying affected individuals and regulatory authorities in compliance with applicable laws.
The Company is working diligently to restore the affected systems. The Incident has temporarily impacted the Company’s operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions. While the Company has implemented measures to allow for the restoration of some operational functions, the timeline for a full restoration is not yet known. As the investigation of the Incident is ongoing, the full scope, nature, and impact are also not yet known.
As of the date of this filing, the Incident does not appear to have had a material impact on the Company’s business operations; however, the full scope and impact of this Incident is not yet known and could result in a future determination that the incident either was not or has been material to the Company's financial statements and results of operations. The expected costs related to the Incident, including fees for our cybersecurity experts and other advisors, and costs to restore any impacted systems, are reasonably likely to have a material impact on the Company’s results of operations and financial condition.
Safe Harbor/Forward Looking Statement and Disclosure Information
This Current Report on Form 8-K contains forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, such as the Company’s expectations or beliefs regarding future events, actions or performance related to the Incident, including the results of the Company’s ongoing investigation of the Incident, the impact of the Incident on the Company and its financial condition and results of operations, and the timing and results of the recovery efforts from the Incident. Forward-looking statements typically are identified by use of terms such as “anticipate,” “believe,” “expect,” “project,” “may,” “will,” “should,” “could,” “likely” and similar words. Except as required by law, the Company undertakes no obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. The Company’s actual results could differ materially from those contained in forward-looking statements due to a number of factors, including the completion of the Company’s investigation into the Incident, the ultimate results from the Company’s investigation, the timing of the restoration of full access following the Incident, possible changes in customer sentiment due to the Incident and other risks and factors described by the statements under “Risk Factors” in the Company’s most recent Annual Report on Form 10-K and in its subsequent filings with the United States Securities and Exchange Commission.
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
| Data I/O Corporation | |
| | | |
August 21, 2025 | By: | /s/ Charles DiBona | |
| Charles DiBona Chief Financial Officer | |
