On May 20, 2021, Navistar International Corporation (the “Company”) learned of a credible potential cybersecurity threat to its information technology system (“IT System”). Upon learning of the cybersecurity threat, the Company launched an investigation and undertook immediate action in accordance with its cybersecurity response plan, including employing containment protocols to mitigate the impact of the potential threat, engaging internal and third-party information technology security and forensics experts to assess any impact on the Company’s IT System, and utilizing additional security measures to help safeguard the integrity of its IT System’s infrastructure and data contained therein. To date, the Company’s IT System continues to be fully operational.
On May 31, 2021, the Company received a claim that certain data had been extracted from the Company’s IT System. The measures described above are ongoing as the Company, with the assistance of third-party experts, continues to investigate and address the scope and impact of the cybersecurity incident. Law enforcement is aware of the cybersecurity incident.
Forward-Looking Statements
Certain statements in this Current Report on Form 8-K that are not purely historical may constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, Section 21E of the Securities Exchange Act of 1934, and the Private Securities Litigation Reform Act of 1995, each as amended. Forward-looking statements provide current expectations of future events and include any statement that does not directly relate to any historical or current fact. Words such as “anticipates,” “believes,” “expects,” “intends,” “plans,” “projects,” or other similar expressions may identify such forward-looking statements. Actual results may differ materially from those discussed in forward-looking statements as a result of factors, risks and uncertainties over which the Company has no control. These factors, risks and uncertainties include, but are not limited to, the ongoing assessment of the cybersecurity incident, legal, reputational and financial risks resulting from this and/or additional cybersecurity incidents, the effectiveness of business continuity plans during the cybersecurity incident, and such other factors as are set forth in the Company’s periodic public filings with the Securities and Exchange Commission (the “SEC”), including, but not limited to, those described under the headings “Risk Factors” and “Forward Looking Statements” in its Form 10-K for the fiscal year ended October 31, 2020, which was filed with the SEC on December 17, 2020, the definitive proxy statement on Schedule 14A, which was filed with the SEC on January 29, 2021, and in its other filings made with the SEC from time to time, which are available via the SEC’s website at www.sec.gov. Forward-looking statements reflect the views and assumptions of management as of the date of communication with respect to future events. The Company does not undertake, and hereby disclaims, any obligation, unless required to do so by applicable securities laws, to update any forward-looking statements as a result of new information, future events or other factors. The inclusion of any statement in this Current Report on Form 8-K does not constitute an admission by the Company or any other person that the events or circumstances described in such statement are material.