[8-K] JEWETT CAMERON TRADING CO LTD Reports Material Event

Rhea-AI Filing Summary

Jewett-Cameron Trading Company (JCTC) reported a material cybersecurity incident. The company detected unauthorized access to parts of its IT environment, including deployment of encryption and monitoring software, which disrupted certain business applications it took offline as a precaution. It believes the intrusion is contained and is restoring systems with external cybersecurity support.

Certain information was exfiltrated, including images of video meetings and computer screens that may contain sensitive company information, and the threat actors have threatened to release it. The company expects response costs to be largely covered by its cyber insurance, but notes operations may be materially impacted, which may affect first-quarter fiscal 2026 results. Current analysis indicates exfiltrated data primarily relates to IT and financial information gathered for the upcoming Form 10-K, expected in mid-November. The investigation continues, with no current evidence of compromised personally identifiable information.

Insights

Cybersecurity risk analyst

Material cyber incident; ops and Q1 FY2026 may be affected.

Jewett-Cameron reports unauthorized access and deployment of encryption/monitoring software on internal IT systems. Portions of business applications were taken offline, and certain information was exfiltrated, including images of video meetings and screens. The company states the intrusion has been contained and systems are being restored with external experts.

Management warns operations may be materially impacted, which may affect first-quarter fiscal 2026 results. While cyber insurance is expected to largely cover response costs, insurance typically does not offset revenue or margin disruption from downtime. Actual impact depends on the speed of system restoration and any data exposure issues identified as the investigation proceeds.

The company plans to file its Form 10-K in mid-November, and indicates exfiltrated data primarily relates to IT and financial materials compiled for that filing. Subsequent disclosures may clarify operational recovery and any data-related follow-ups.

false 0000885307 0000885307 2025-10-15 2025-10-15 iso4217:USD xbrli:shares iso4217:USD xbrli:shares

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

FORM 8-K

Current Report
Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): October 15, 2025

JEWETT-CAMERON TRADING COMPANY LTD.
(Exact name of registrant as specified in its charter)

A1BRITISH COLUMBIA	000-19954	00-0000000
(State or other jurisdiction	(Commission	(IRS Employer
of incorporation)	File Number)	Identification No.)

32275 N.W. Hillcrest, North Plains, OR 97133
(Address of principal executive offices) (Zip Code)

Registrant's telephone number, including area code (503) 647-0110

Not Applicable

(Former Name or Former Address, if Changed Since Last Report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2. below):

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a -12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d -2(b))

☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e -4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class		Trading symbol(s)		Name of each exchange on which registered
Common Stock, no par value		JCTC		NASDAQ Capital Market

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (17 CFR §230.405) or Rule 12b-2 of the Securities Exchange Act of 1934 (17 CFR §240.12b-2).

Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Item 1.05. Material Cybersecurity Incidents.

On October 15, 2025, Jewett-Cameron Trading Co. Ltd. (the “Company”) learned that a threat actor had gained unauthorized access to portions of the Company’s information technology (“IT”) environment and claimed to have unlawfully accessed certain Company information and data. The Company immediately activated its cyber incident response process to contain the intrusion, assess and investigate the incident and implement remedial measures. The Company also immediately notified law enforcement and retained external cybersecurity experts to assist. Based on its investigation to date, the Company believes that the cybersecurity incident consisted of unauthorized access and deployment of encryption and monitoring software by a third party to a portion of the Company’s internal corporate IT systems. The incident caused disruptions and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, which the Company voluntarily took offline as a precautionary measure. Based on the information reviewed to date, the Company believes the unauthorized activity has been contained and is working diligently to bring the impacted portions of its IT systems and individual computer devices back online.

Although the Company ascertained that certain information was exfiltrated, it is still investigating the extent of compromise of any sensitive information contained within the accessed IT systems. However, it is believed that the threat actors unlawfully accessed certain computer systems and exfiltrated images of video meetings and computer screens that may contain sensitive Company information. The threat actors have threatened to release this information publicly if the Company does not provide them with a monetary payment. The Company has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access and bolstering its cyber defensive capabilities. The Company believes that the costs associated with these activities will be largely covered by the Company’s cyber security insurance policy. However, due to the extended period that the Company has been and may continue to be offline, operations may be materially impacted, which may also impact the Company’s financial results for the first quarter of fiscal 2026.

Current analysis indicates that the data exfiltrated primarily relates to IT related information and financial information the Company has been gathering and analyzing over the past few weeks in preparation of filing with the Securities and Exchange Commission its Annual Report on Form 10-K for the fiscal year ended August 31, 2025, which the Company expects to release in mid-November.

As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet completely known. We have no current evidence that any personally identifiable information of any employees, customers, suppliers or vendors has been compromised, but our analysis and review of the potential compromised systems and data continues. The Company is bringing systems and devices online in a thoughtful and methodical manner in coordination with our cybersecurity experts and the ongoing investigation and expects to be at full operational capability shortly.

Cautionary Language Concerning Forward-Looking Statements

Information set forth herein contains financial estimates and other forward-looking statements that are subject to risks and uncertainties, and actual results might differ materially. A discussion of factors that may affect future results is contained in the Company’s filings with the Securities and Exchange Commission. The Company disclaims any obligation to update and revise statements contained herein based on new information or otherwise, except as required by law.

Item 9.01. Exhibits

Exhibit No.		Description
104		Cover Page Interactive Data File (formatted as Inline XBRL and contained in Exhibit 101)

SIGNATURE

Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused this Current Report to be signed on its behalf by the undersigned hereunto duly authorized.

				JEWETT-CAMERON TRADING COMPANY LTD.
Date: October 21, 2025				By:		/s/ Chad Summers
				Name:		Chad Summers
				Title:		President and Chief Executive Officer

FAQ

What did JCTC disclose about the cybersecurity incident?

The company reported unauthorized access to parts of its IT systems, deployment of encryption and monitoring software, and disruption to some business applications taken offline as a precaution.

Will Jewett-Cameron’s operations or financials be affected?

The company cautions operations may be materially impacted, which may affect financial results for the first quarter of fiscal 2026.

What data was exfiltrated in JCTC’s incident?

Exfiltrated data includes images of video meetings and computer screens that may contain sensitive company information, primarily IT and financial materials prepared for the upcoming 10-K.

Is personally identifiable information impacted at JCTC?

There is no current evidence that PII of employees, customers, suppliers, or vendors was compromised; the investigation is ongoing.

Will insurance cover JCTC’s cyber incident costs?

The company believes costs associated with response activities will be largely covered by its cyber security insurance policy.

When does JCTC expect to file its 10-K?

The company expects to release its Annual Report on Form 10-K in mid-November for the fiscal year ended August 31, 2025.