Back to Blog
high severity April 05, 2024 · disclosed in filing affected

B. Riley Financial, Inc Discloses Material Cybersecurity Incident (SEC 8-K)

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

  On April 5, 2024, Targus International, LLC and certain affiliates (collectively, "Targus"), each of which is an indirect subsidiary of B. Riley Financial, Inc. (the "Company"), discovered that a threat actor gained unauthorized access to certain of Targus' file systems. Upon discovery and with assistance from external cybersecurity counsel and consultants, Targus immediately activated its incident response and business continuity protocols to investigate, contain and remediate the incident. Through this process, proactive containment measures to disrupt unauthorized access resulted in

Severity High
Disclosed April 05, 2024
Affected disclosed in filing
Data exposed Material cybersecurity incident (per SEC 8-K Item 1.05)

On April 5, 2024, B. Riley Financial, Inc. filed an SEC 8-K disclosing that a threat actor had gained unauthorized access to certain file systems belonging to its indirect subsidiary Targus International, LLC and affiliates. The filing marks the first public notification of the incident, which Targus discovered on the same day. Anyone whose personal or business documents were stored on those systems may now face long-term exposure.

Details from the SEC Filing

The SEC 8-K Item 1.05 states that on April 5, 2024, Targus identified unauthorized access to portions of its file systems. The company immediately engaged external cybersecurity counsel and consultants, activated incident response and business continuity protocols, and implemented proactive containment measures that disrupted the unauthorized access. The disclosure does not specify the volume of data involved, the exact data types accessed, or whether any information was exfiltrated. It also does not name the threat actor or confirm any ransom demand.

April 5, 2024 remains the sole date tied to both discovery and public disclosure. The filing frames the event as a “material cybersecurity incident” under SEC rules, obligating the parent company to report it to investors.

Why This Matters for You and Your Family

When a company that handles logistics, warranties, or consumer-product support suffers a breach, the files on its systems often contain names, addresses, contact details, purchase records, and sometimes scanned documents provided by customers. Even if the exact contents remain unknown, the unauthorized file-system access creates a realistic risk that information tied to you or your family has been viewed or copied. Once that data leaves a corporate environment it can appear on dark-web markets, ransomware leak sites, or private extortion lists months later.

Ordinary families who bought laptop bags, phone cases, or other Targus products and registered them for warranty support may have their details caught in this incident. The same risk applies to small businesses that interacted with Targus as a vendor. Without clear visibility into what was taken, the safest assumption is that any information you ever gave them could now be in unauthorized hands.

Doxxing and Identity-Chain Risks

File-system breaches rarely stop at one dataset. Threat actors routinely chain exposed customer records with usernames, email addresses, or phone numbers already circulating from earlier leaks. A single address or warranty claim can link your work identity, children’s school-related accounts, and family gaming profiles. These connections allow attackers to build detailed dossiers used for spear-phishing, SIM-swapping, or targeted extortion.

Credential reuse across services turns this incident into a gateway for account takeovers. If you reused a password listed in the Targus environment, criminals who obtain even partial data can test it against email, banking, or social-media accounts. Gaming accounts belonging to children are especially vulnerable because they often share the same household email or phone number, creating a direct path from corporate breach to family doxxing.

What to Do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup of Warden to remove what you can.
  • Rotate any password you ever used on Targus-related sites or services and enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure surfaces in hours instead of months.
  • Cover the entire household with DoxxScan family protection, which includes dependents and children’s gaming accounts that often chain back to the same address or parent email.
  • Let remediation specialists handle ongoing takedown requests for any personal records that surface on data-broker or extortion sites.

The incident underscores that even well-known subsidiaries can become entry points for threat actors, and families rarely learn about the exposure until it is too late. A forward-looking approach means treating every corporate breach as a personal one and acting before the data appears for sale. Start your DoxxScan trial and combine its continuous monitoring, AI-powered identity-chain mapping, and hands-on specialist remediation to protect yourself and your family today.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.