British engineering firm IMI discloses breach, shares no details

British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems.

IMI is a global engineering group with manufacturing facilities in 18 countries, focused on precision fluid engineering and providing services in the process and industrial automation, climate control, life science, and transport sectors.

Listed on the London Stock Exchange since 1966, it is included in the FTSE100 Index (the United Kingdom's best-known stock market index) and employs around 10,000 people in over 50 countries across three divisions (IMI Hydronic, Norgren, and IMI Critical).

In a statement today, the company said it hired cybersecurity experts to investigate the incident's impact after detecting "unauthorised access" to its systems.

"As soon as IMI became aware of the unauthorised access, the Company engaged external cyber security experts to investigate and contain the incident," IMI added in a filing with the London Stock Exchange.

"In parallel, the Company is taking the necessary steps to comply with our regulatory obligations. An update will be provided as and when appropriate."

An IMI spokesperson declined to comment when asked by BleepingComputer provide more details about the attack, such as the date it was detected, whether it impacted its operations, and whether the threat actors stole company or customer information from compromised systems.

In a similar statement issued last week, London-based engineering giant Smiths Group also disclosed a breach after its systems were compromised. Like IMI, it has yet to share whether business or customer data was stolen during the incident and when the breach was detected.

Earlier this month, American business services firm and government contractor Conduent confirmed that a recent outage was caused by a "cyber security incident," and Hewlett Packard Enterprise (HPE) announced that it was investigating breach claims after a threat actor said they stole documents from the company's developer environments.

U.K. domain registry Nominet has also confirmed that its network was breached in early January using an Ivanti VPN zero-day vulnerability, exploited in attacks linked to a suspected China-linked espionage group tracked as UNC5337.