Quarterly report pursuant to Section 13 or 15(d)

Subsequent Events

Subsequent Events
3 Months Ended
Dec. 31, 2021
Subsequent Events  
Note 15 - Subsequent Events

15. Subsequent Events


On January 18, 2022, the Company’s Compensation Committee and Board of Directors unanimously consented to grant 100 restricted shares of common stock and non-qualified stock options for an additional 50 shares.


On February 1, 2022, the Company detected and stopped a network security incident. An unauthorized third party gained access into our network, encrypted various systems, and has demanded money to decrypt the affected systems and to delete and not publicly release stolen information. The Company’s IT professionals immediately disconnected and isolated the affected systems to prevent any further compromise. The senior executive management team was immediately notified who in turn reported the network security incident to the Company’s audit committee chairman who has board oversight authority for these types of matters. The Company’s audit committee and board of directors have been fully briefed and a special committee of the board of directors has been appointed to participate with management in the on-going investigations, response and full remediation of the incident. The Company has engaged third party cyber security experts to assist its internal IT professionals and conduct a comprehensive investigation to determine the extent of the unauthorized activity. The Company has also notified law enforcement and its cyber liability insurance carrier about the incident.


To date, the Company’s investigation has determined the unauthorized third party acquired data maintained on the encrypted servers, to include some individual personal information such as name, social security number, passport and driver license information. Our forensic investigation will continue until we have determined, to the maximum extent practically possible, the full scope of the incident. Individuals affected by this incident will be notified in accordance with applicable state and federal laws. The Company’s investigation and analysis are on-going, therefore, management does not yet have a complete estimate of the likely total cost or damages stemming from this incident.  Based on what management now knows, the Company does not currently foresee this incident having a material detrimental effect on our business or financial position.  The Company had in place cyber liability insurance coverage, subject to certain policy limitations and deductibles. The Company immediately notified the carrier of the network security incident and is working with them on this matter. However, management does not know the full effects at this time, so there can be no assurance that the incident ultimately will not have material adverse effects on our business or financial position.


Currently, the Company’s network environment is being monitored around the clock by its IT professionals and third-party cyber security experts to mitigate a future compromise. The Company has not observed any additional malicious activity on the network to date. The Company’s operations have been minimally impacted to date, and it continues to serve our clients without issue.