To: Customers, Vendors and Stakeholders of Federal Broach & Machine LLC
Apology and Report with Respect to the Recent Fraudulent Emails
Thank you very much for your continued support for Federal Broach & Machine LLC (hereinafter referred to as the
“Company” or “we”).
On July 24, 2024, a spoof email originating from outside the Company was circulated among customers and other
stakeholders fraudulently requesting an unauthorized banking information change. Federal Broach did not make any
changes, if you have received such communication, do not open or forward the fraudulent emails and do not access any
URLs.
On August 20, 2024, unauthorized access was made to the business operations email, and fraudulent emails were sent
with an attachment giving those contacted false information regarding invoicing and a link. This is also unauthorized
fraudulent information. If you have received such communications, do not open or forward the fraudulent emails and do
not access any URLs.
The Company has not made any changes to invoicing processes and has not made any changes to banking information.
The Company has conducted necessary investigations in a timely manner and is in the process of further deeper system
investigations. At this time, no other breach has been discovered.
Cause and countermeasures
(1) Cause of the incident
We are currently investigating the root cause and will update this notice when investigation is completed by an outside IT
consultant.
(2) Countermeasures
The company has changed the passwords to all of its IDs, isolated the attacked terminal from its network, and launched
other measures to prevent further expansion of the damage and to avoid damage to systems owned and retained by third
parties.
(3) Actual or possible secondary damage and its details
If you ever receive any suspicious email, etc. from someone posing as a member of the Company’s business
group or as the incident’s attacker, do not open the email, or access any URL, etc. in such message.
(4) Recurrence prevention measures
Following IT consultant security recommendations, the Company launched recurrence prevention measures.
Specifically, to prevent unauthorized use of an internal account after the incident, the Company has
changed the passwords to all its internal accounts and deleted unnecessary accounts.
(5) Inquiries
For inquiries on the above matter, please contact: Federal Broach & Machine LLC at (989) 539-7420.
Once again, we deeply apologize to our shareholders others concerned for the inconvenience and worry due to the
aforementioned incident.