Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

Tempur Sealy, among the world's largest providers of bedding, has notified the Securities and Exchange Commission of a digital burglary by cyber crims that forced it to isolate parts of the tech infrastructure.

The Lexington, Kentucky-based biz, which turned over $4.92 billion in sales during calendar 2022, confirmed on July 23 it "identified a cybersecurity event involving certain of the company's information technology systems."

"Upon discovery of the event, the company activated its incident response and business continuity plans designed to contain the incident. This included proactively shutting down certain of the company's IT systems, resulting in the temporary interruption of the company's operations," yesterday's filing states.

Tempur Sealy said it has retained legal counsel, as well as infosec forensic experts and other response professionals "to advise on the matter," and told law enforcement authorities about the breach.

The mattress maker says it has begun the recovery process to "bring certain of its critical IT systems back online and has resumed operations. The forensic investigation remains ongoing and the company continues to work to determine whether this incident will have a material impact on its business, operations, or financial results.

"If the company determines that any personal information was involved, it would endeavor to comply with any reporting obligations it may have with respect to such information under applicable law," the filing adds.

Tempur Sealy develops, produces and markets memory foam mattresses, adjustable bases, pillows, and other related products. Like many organizations, the company's fortunes soared during the pandemic – although it faced some growing pains in 2022.

The security incident, or "cyber security event" as it was described by the company, will serve as an unwelcome distraction following a 27 percent plunge in profits to $455.7 million last year.

Martin Mackay, chief revenue officer at Versa Networks, said the "modus operandi" of cyber baddies is to reduce "business uptime and availability" to "impact the financials of an organization, as well as cause long-term brand damage if orders are delayed or, at worst, cancelled."

Tempur Sealy did have planning procedures in place to get critical systems live again, he added, "which will ultimately mitigate the potential negative impact the attack could have had on the organization's reputation. Network segmentation, as an example, allows security teams to rapidly locate malware, limit its movement, and ultimately reduce the potential impact of an attack."

• Millions of people's data stolen because web devs forget to check access perms
• MOVEit body count closes in on 400 orgs, 20M+ individuals
• Lawyer sees almost 1,000 complainants sign up to Capita breach class action
• Capita staffers told attackers stole data from its own pension fund

Just last year, Emma Sleep Company confirmed it had suffered a Magecart attack that allowed the criminals to skim customers credit or debit card details from its website. Barely a month goes by when some company in some industry falls under the glare of ne'er-do-wells.

We have asked Tempur Sealy how the criminals broke in to its tech infrasture, the malware used, how long they were on the inside, and whether they have demanded any sort of ransom. ®