In the course of our business, we obtain, process and store large amounts of sensitive business and personal information, including information related to our customers, their end-users and their transactions. We also have access to certain transaction and personal data of our customers and their consumers through or in the course of servicing our products or third-party products. Additionally, we collect, use and store personal data of our employees and the personnel of our business partners in the ordinary course of business. We face risks, including to our reputation as a trusted brand, in the handling, securing, and protection of this information, and these risks will increase as our business continues to expand to include new products and technologies.
While we have programs and measures in place designed to protect and safeguard our data and third party data we collect, store or process, and while we have implemented access controls designed to limit the risk of unauthorized use or disclosure by employees and contractors, the techniques used to obtain unauthorized access to data are complex and evolving as threat actors adopt new and emerging technologies (including artificial intelligence and machine learning). Cybersecurity threat actors are increasingly sophisticated and are increasingly targeting employees, contractors, service providers and third parties through evolving techniques, including through social engineering and/or misrepresentation (such as phishing attempts and similar techniques). An attack, disruption, intrusion, denial of service, theft or other breach, or an inadvertent act by an employee or contractor, could result in unauthorized access to, or disclosure of, our data or third-party data we collect, store or process, resulting in claims, costs and reputational harm that could negatively affect our operating results or stock price.
Like most companies, we are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit system vulnerabilities or to penetrate or bypass our security measures, in order to gain unauthorized access to our networks and systems. Successful attempts by one of these malicious actors could lead to the compromise of personal information or the confidential data of us or our customers. Attempts of this nature typically involve technology-related viruses, worms, and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities, create system disruptions and cause shutdowns or denials of service. Our products and services may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance.
We have administrative, technical, organizational, and physical security measures in place to defend against intrusion and attack and to protect our information. Most cyberattacks are detected, prevented or mitigated by our various information technology and data protections, including but not limited to firewalls, intrusion prevention systems, denial of service detection, anomaly-based detection, anti-virus/anti-malware, endpoint encryption and detection and response software, Security Information and Event Management system, identity management technology, security analytics, encryption and multi-factor authentication. However, we have experienced security incidents in the past, and we may face additional security incidents in the future.
In April 2023, we determined that a single data center outage impacting certain of our customers was caused by a cyber ransomware incident. Upon such determination, we immediately started contacting customers, enacted our cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process. Following an extensive investigation which included Company experts, external forensic cybersecurity experts and federal law enforcement, among others, we concluded that the incident impacted operations for some customers only with respect to specific Aloha cloud-based services and Counterpoint. Functionality was fully restored to all impacted customers, and we built a new cloud environment to host the affected applications.
We have incurred certain expenses related to the cyber ransomware incident and may incur additional costs relating to this incident in the future, including payment of damages or other costs to customers or others. At this time we do not believe additional costs incurred as a result of the incident will ultimately have a material adverse effect on our business, results of operations or financial condition; however, we remain subject to risks and uncertainties as a result of the incident.
Because the techniques used to obtain unauthorized access to, or sabotage technology systems, change frequently, grow more complex over time, and generally are not recognized until launched against a target, we may be unable to anticipate or implement adequate measures to prevent such techniques. In addition, it is not uncommon for security breaches to remain undetected for extended periods of time. There can be no assurance that we or our partners and advisors will be able to prevent or remediate all future incidents or that the cost associated with responding to any such incident will not be significant.
If any security breach or significant denial-of-service attack or other cyberattack involving our systems or the systems of third parties that store or process our data occurs or is believed to have occurred, our reputation and brand could be damaged and we could be required to expend significant capital and other resources to address problems caused by any such actual or perceived event and to remediate our systems. In addition, we could be exposed to business losses, litigation, regulatory action or other liabilities and our ability to operate our business may be impaired. While we maintain cybersecurity insurance, there can be no assurance that our insurance will cover losses we incur in connection with any cybersecurity incident.