8-K
NCR CORP false 0000070866 0000070866 2023-04-17 2023-04-17

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

 

 

FORM 8-K

 

 

CURRENT REPORT

PURSUANT TO SECTION 13 OR 15(d)

OF THE SECURITIES EXCHANGE ACT OF 1934

Date of report (Date of earliest event reported): April 17, 2023

 

 

 

LOGO

NCR CORPORATION

(Exact name of registrant as specified in its charter)

 

 

 

Maryland   001-00395   31-0387920

(State or other jurisdiction

of incorporation)

 

(Commission

File Number)

 

(I.R.S. Employer

Identification Number)

 

864 Spring Street NW

Atlanta, GA

  30308
(Address of principal executive offices)   (Zip code)

Registrant’s telephone number, including area code: (937) 445-1936

N/A

(Former name or former address, if changed since last report)

 

 

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

 

Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

 

Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

 

Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

 

Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

 

Title of each class

 

Trading

Symbol(s)

 

Name of each exchange

on which registered

Common stock, par value $0.01 per share   NCR   New York Stock Exchange

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).

Emerging growth company  

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.  ☐

 

 

 


Item 8.01

Other Events.

On April 17, 2023, NCR Corporation (“NCR” or “the Company”) issued a press release announcing that a single data center outage that is impacting some functionality for a subset of NCR’s commerce customers was caused by a cyber ransomware incident. A copy of that press release is filed as Exhibit 99.1 hereto and is incorporated herein by reference.

Forward-Looking Statements

This Current Report on Form 8-K includes statements which may constitute forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, the accuracy of which are necessarily subject to risks, uncertainties, and assumptions as to future events that may not prove to be accurate. These statements include, but are not limited to, express or implied forward-looking statements relating to our expectations regarding our ability to contain and assess the ransomware incident and the impact of the ransomware incident on our operations and financial results. These statements are neither promises nor guarantees, but are subject to a variety of risks and uncertainties, many of which are beyond our control, which could cause actual results to differ materially from those contemplated in these forward-looking statements. Investors and others are cautioned not to place undue reliance on forward-looking statements. Factors that could cause actual results to differ materially from those expressed or implied include (i) the ongoing assessment of the ransomware incident, (ii) legal, reputational and financial risks resulting from the ransomware incident, (iii) the effectiveness of business continuity plans and cybersecurity risk management policies during the ransomware incident, (iv) the possibility that our ongoing investigation will produce materially adverse findings not known to us on the date hereof, (v) that any future, or still undetected, cybersecurity related incident, whether an attack, disruption, intrusion, denial of service, theft or other breach could result in unauthorized access to, or disclosure of, data, resulting in claims, costs and reputational harm that could negatively affect our operating or financial results and (vi) the other risks and uncertainties further described in the “Risk Factors” section of NCR’s most recent Annual Report on Form 10-K, as well as in NCR’s other reports filed with or furnished to the U.S. Securities and Exchange Commission, available at www.sec.gov. Forward-looking statements should be considered in light of these risks and uncertainties. These forward-looking statements speak only as of the date of this Current Report on Form 8-K or as of the date to which they refer, and NCR assumes no obligation to update any forward-looking statements as a result of new information or future events or developments, except as required by law.

 

Item 9.01.

Financial Statements and Exhibits.

(d) Exhibits

 

Exhibit
No.

  

Exhibit

99.1    Press Release issued by the Company, dated April 17, 2023
104    Cover Page Interactive Data File (formatted as inline XBRL)


SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

 

    NCR CORPORATION
Date: April 17, 2023    
    By:  

/s/ James Bedore

      James M. Bedore
      Executive Vice President, General Counsel and Secretary
EX-99.1

Exhibit 99.1

 

LOGO

NCR Reports Cybersecurity Incident

ATLANTA– April 17, 2023

On April 13, NCR determined that a single data center outage that is impacting some functionality for a subset of its commerce customers was caused by a cyber ransomware incident. Upon such determination, NCR immediately started contacting customers, enacted its cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process. The investigation into the incident includes NCR experts, external forensic cybersecurity experts and federal law enforcement.

We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.

While in-restaurant purchases and transactions continue to operate, affected customers have reduced capabilities on specific Aloha cloud-based and Counterpoint functionality that has impacted their ability to manage restaurant administrative functions. NCR is conducting concurrent efforts to establish alternative functionality for customers, fully restore impacted data and applications, and to enhance its cyber security protections.

Forward-Looking Statements

This press release includes statements which may constitute forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, the accuracy of which are necessarily subject to risks, uncertainties, and assumptions as to future events that may not prove to be accurate. These statements include, but are not limited to, express or implied forward-looking statements relating to our expectations regarding our ability to contain and assess the ransomware incident and the impact of the ransomware incident on our operations and financial results. These statements are neither promises nor guarantees, but are subject to a variety of risks and uncertainties, many of which are beyond our control, which could cause actual results to differ materially from those contemplated in these forward-looking statements. Investors and others are cautioned not to place undue reliance on forward-looking statements. Factors that could cause actual results to differ materially from those expressed or implied include (i) the ongoing assessment of the ransomware incident, (ii) legal, reputational and financial risks resulting from the

 

1


ransomware incident, (iii) the effectiveness of business continuity plans and cybersecurity risk management policies during the ransomware incident, (iv) the possibility that our ongoing investigation will produce materially adverse findings not known to us on the date hereof, (v) that any future, or still undetected, cybersecurity related incident, whether an attack, disruption, intrusion, denial of service, theft or other breach could result in unauthorized access to, or disclosure of, data, resulting in claims, costs and reputational harm that could negatively affect our operating or financial results and (vi) the other risks and uncertainties further described in the “Risk Factors” section of NCR’s most recent Annual Report on Form 10-K, as well as in NCR’s other reports filed with or furnished to the U.S. Securities and Exchange Commission, available at www.sec.gov. Forward-looking statements should be considered in light of these risks and uncertainties. These forward-looking statements speak only as of the date of this press release and NCR assumes no obligation to update any forward-looking statements as a result of new information or future events or developments, except as required by law.

About NCR Corporation

NCR Corporation (NYSE: NCR) is a leader in transforming, connecting and running technology platforms for self-directed banking, stores and restaurants. NCR is headquartered in Atlanta, Georgia, with 35,000 employees globally. NCR is a trademark of NCR Corporation in the United States and other countries.

Web site: www.ncr.com

Twitter: @NCRCorporation

Facebook: www.facebook.com/ncrcorp

LinkedIn: www.linkedin.com/company/ncr-corporation

YouTube: www.youtube.com/user/ncrcorporation

NCR Media Contact

Scott Sykes

NCR Corporation

scott.sykes@ncr.com

 

2