XML 22 R8.htm IDEA: XBRL DOCUMENT v3.25.3
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Aug. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

  

Our Board recognizes the critical importance of maintaining the trust and confidence of our customers, suppliers, business partners and employees. Our Board and our Audit Committee are actively involved in oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management (“ERM”). Our cybersecurity policies, standards, processes, and practices are fully integrated into our ERM program and are based on recognized frameworks and applicable established industry standards. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

 

As one of the critical elements of our overall ERM approach, our cybersecurity program is focused on the following key areas:

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;
technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls;
the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security procedures;
training and awareness programs for employees that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and procedures;
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
a third-party risk management process for service providers, suppliers, and vendors.

 

Notwithstanding the measures we have put in place internally and through third party industry experts, on October 15, 2025, we learned that a threat actor had gained unauthorized access to portions of our information technology (“IT”) environment and claimed to have unlawfully accessed certain Company information and data. We immediately activated our cyber incident response plan to contain the intrusion, assess and investigate the incident and implement remedial measures. We also immediately notified law enforcement, including the Federal Bureau of Investigation (FBI), and retained external cybersecurity experts to assist. Based on our investigation to date, we believe that the cybersecurity incident consisted of unauthorized access and deployment of encryption and monitoring software by a third party to a portion of our internal corporate IT systems. The incident caused disruptions and limitation of access to portions of our business applications supporting aspects of our operations and corporate functions, which we voluntarily took offline as a precautionary measure. Based on the information reviewed to date, we believe the unauthorized activity has been contained and we were able to bring the impacted portions of our IT systems and individual computer devices back online and operate at full capacity within a week of detection of the unauthorized access.

 

Although we ascertained that certain information was exfiltrated, we are still investigating the extent of compromise of any sensitive information contained within the accessed IT systems. However, it is believed that the threat actors unlawfully accessed certain computer systems and exfiltrated images of video meetings and computer screens that may contain sensitive information. The threat actors released a portion of this information publicly and that of some of our vendors and customers since we had not acceded to their demand for a monetary payment. However, we do not believe that the threat actor was able to infiltrate the computer systems of any of our customers or vendors. We have taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access and bolstering our cyber defensive capabilities. We believe that there will be additional costs associated with these activities but that the disruption to our operations and the costs associated with our cybersecurity experts will largely be covered by adequate insurance. However, there can be no assurance that our insurance carriers will accept liability under these policies, in which event, we would be compelled to pay the expenses of our cyber experts directly, which would increase our costs and have a material adverse effect on our future financial performance.

 

As the investigation of the incident is ongoing, the full scope, nature and ultimate impact of the incident are not yet completely known. We have no current evidence that any personally identifiable information of any employees, customers, suppliers or vendors has been compromised, but our analysis and review of the potential compromised systems and data is continuing.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our Board and our Audit Committee are actively involved in oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management (“ERM”).
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls;
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

 

Our Board is engaged in the oversight of cybersecurity threat risk management. Additionally, the Audit Committee regularly receives updates on cybersecurity risks and the security and operations of our information technology systems from our Chief Financial Officer. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.

 

Management is responsible for developing cybersecurity programs. Our expertise in IT and cybersecurity generally has been gained from a combination of education, best practices and prior experience. They are informed by their respective cybersecurity teams about, and monitor, the prevention, detection, mitigation and remediation of cybersecurity incidents as part of the cybersecurity programs described above. As evidenced by the cybersecurity incident described above, no combination of defensive measures are infallible. However, we are confident that we have established robust and reasonable measures and defenses consistent with industry standards and our Company’s operations and use of internet-related systems. While this landscape is continually changing, we attempt to be knowledgeable and flexible with regard to the protection of our data and that of our partners.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board is engaged in the oversight of cybersecurity threat risk management.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Additionally, the Audit Committee regularly receives updates on cybersecurity risks and the security and operations of our information technology systems from our Chief Financial Officer.
Cybersecurity Risk Role of Management [Text Block] The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Management is responsible for developing cybersecurity programs.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our expertise in IT and cybersecurity generally has been gained from a combination of education, best practices and prior experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] They are informed by their respective cybersecurity teams about, and monitor, the prevention, detection, mitigation and remediation of cybersecurity incidents as part of the cybersecurity programs described above.