Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Sep. 28, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	RISK MANAGEMENT AND STRATEGY Processes for Assessing, Identifying, and Managing Cybersecurity Risks The Company has established processes to assess, identify, and manage material risks arising from cybersecurity threats (as defined in Item 106(a) of Regulation S-K). These processes are integrated into the Company's' overall risk management system. Specifically: •The addition of an experienced Chief Information Security Officer ("CISO") with over 25 years of experience to lead the IT Cybersecurity and Compliance team. •Yearly risk assessment designed to help identify material cybersecurity risks to our information systems (as defined in Item 106(a) of Regulation S-K) and data. •A security incident response team that is responsible for managing our cybersecurity risk, security controls, response, and reporting cybersecurity incidents (as defined in Item 106(a) of Regulation S-K). •A cyber and data security incident response plan with policies and procedures for identifying, managing, and recovering from cybersecurity incidents, including escalating tiers of notification and reporting depending on an incident's nature and severity. •The use of third-party service providers, where appropriate, to manage, assess, test, and assist with aspects of our security controls, such as: ◦24/7 Security Operations Center Managed Services ("SOC") to monitor our cyber environment, correlate logs from all technology assets to identify potential signs of compromise and perform threat hunt exercises. ◦Enterprise-grade email security system managed services. ◦Perform penetration tests, vulnerability assessments, and vulnerability scans of our customer-facing sites, among others. ◦Prevention of denial-of-service attacks •Cybersecurity insurance designed to reduce the risk of loss resulting from cybersecurity incidents. •Policies and procedures related to cybersecurity matters, including but not limited to Acceptable Standards of Use of Technology Systems, Confidential/Sensitive Information and Credit Card Handling Policy, encryption standards, antivirus protection, wireless and remote access, multi-factor authentication, access and change control, and physical security. •Employee cybersecurity awareness by performing ongoing phishing exercises, and mandatory privacy and cybersecurity training (including spear phishing and other awareness training) for employees.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	The Company has established processes to assess, identify, and manage material risks arising from cybersecurity threats (as defined in Item 106(a) of Regulation S-K). These processes are integrated into the Company's' overall risk management system.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]	On February 3, 2025, we experienced a systems outage caused by a cybersecurity attack by threat actors who unlawfully accessed our network, encrypted critical applications, and exfiltrated certain files (herein defined as the "Cyber Incident"). Upon discovery, we promptly activated our incident response plan, engaging both internal teams and third-party cybersecurity experts. During the year ended September 28, 2025, we incurred $10.5 million loss of cash flows related to the Cyber Incident. Approximately $3.7 million of this was incurred expenses that are recognized in "Restructuring and Other" in the Consolidated Statements of (Loss) Income and Comprehensive (Loss) Income. We have filed insurance claims for the remaining $6.8 million to cover business interruption and other costs. The Cyber Incident remains under legal and forensic investigation, including evaluation of the extent and potential risk related to unauthorized access to sensitive data. The incident had a significant negative impact on our 2025 operating results. Various revenue lines were impacted, certain operating expenses were higher than they were prior to the incident, and many projects underway were significantly delayed.
Cybersecurity Risk Board of Directors Oversight [Text Block]	The Board of Directors plays a crucial role in overseeing our management of cybersecurity risks. The Audit and Risk Management Committee is specifically tasked with this responsibility, and it regularly reports to our Board regarding its activities, including those related to cybersecurity risk management. Our Board also receives periodic briefings from management on our cybersecurity risk management program, including presentations on cybersecurity topics from our Chief Information Officer, internal information security team, and third-party experts. These briefings cover the current threat landscape, ongoing cybersecurity initiatives, and our response to significant incidents.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	The Audit and Risk Management Committee is specifically tasked with this responsibility, and it regularly reports to our Board regarding its activities, including those related to cybersecurity risk management. Our Board also receives periodic briefings from management on our cybersecurity risk management program, including presentations on cybersecurity topics from our Chief Information Officer, internal information security team, and third-party experts.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	The Audit and Risk Management Committee is specifically tasked with this responsibility, and it regularly reports to our Board regarding its activities, including those related to cybersecurity risk management. Our Board also receives periodic briefings from management on our cybersecurity risk management program, including presentations on cybersecurity topics from our Chief Information Officer, internal information security team, and third-party experts.
Cybersecurity Risk Role of Management [Text Block]	Management is actively involved in assessing and managing material risks from cybersecurity threats. The following processes are in place: •Responsible Positions/Committees: The Chief Information Officer, and Chief Information Security Officer are responsible for assessing and managing cybersecurity risks. The individuals in these roles possess extensive expertise in cybersecurity. Specifically, the Chief Information Officer has over 25 years in Information Technology across multiple industries, and the Chief Information Security Officer has over 25 years in Security, Risk, Audit, and Compliance across various sectors, including both public and private. •Monitoring and Response Processes: We have established processes to inform and monitor cybersecurity incidents for prevention, detection, and resolution using a 24/7 third-party SOC Managed Service. The SOC is responsible for providing alerts, updates, and remediation services as needed by monitoring all technology assets for potential signs of compromise and conducting threat hunt exercises. •Reporting to the Board: Information about cybersecurity risks is regularly reported to the Board of Directors or its relevant committee. This reporting includes updates on our cybersecurity risk profile, significant incidents, and the effectiveness of mitigation strategies.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Responsible Positions/Committees: The Chief Information Officer, and Chief Information Security Officer are responsible for assessing and managing cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	The individuals in these roles possess extensive expertise in cybersecurity. Specifically, the Chief Information Officer has over 25 years in Information Technology across multiple industries, and the Chief Information Security Officer has over 25 years in Security, Risk, Audit, and Compliance across various sectors, including both public and private.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	Monitoring and Response Processes: We have established processes to inform and monitor cybersecurity incidents for prevention, detection, and resolution using a 24/7 third-party SOC Managed Service. The SOC is responsible for providing alerts, updates, and remediation services as needed by monitoring all technology assets for potential signs of compromise and conducting threat hunt exercises.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Sep. 28, 2025

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

RISK MANAGEMENT AND STRATEGY

Processes for Assessing, Identifying, and Managing Cybersecurity Risks

The Company has established processes to assess, identify, and manage material risks arising from cybersecurity threats (as defined in Item 106(a) of Regulation S-K). These processes are integrated into the Company's' overall risk management system. Specifically:

•The addition of an experienced Chief Information Security Officer ("CISO") with over 25 years of experience to lead the IT Cybersecurity and Compliance team.

•Yearly risk assessment designed to help identify material cybersecurity risks to our information systems (as defined in Item 106(a) of Regulation S-K) and data.

•A security incident response team that is responsible for managing our cybersecurity risk, security controls, response, and reporting cybersecurity incidents (as defined in Item 106(a) of Regulation S-K).

•A cyber and data security incident response plan with policies and procedures for identifying, managing, and recovering from cybersecurity incidents, including escalating tiers of notification and reporting depending on an incident's nature and severity.

•The use of third-party service providers, where appropriate, to manage, assess, test, and assist with aspects of our security controls, such as:

◦24/7 Security Operations Center Managed Services ("SOC") to monitor our cyber environment, correlate logs from all technology assets to identify potential signs of compromise and perform threat hunt exercises.

◦Enterprise-grade email security system managed services.

◦Perform penetration tests, vulnerability assessments, and vulnerability scans of our customer-facing sites, among others.

◦Prevention of denial-of-service attacks

•Cybersecurity insurance designed to reduce the risk of loss resulting from cybersecurity incidents.

•Policies and procedures related to cybersecurity matters, including but not limited to Acceptable Standards of Use of Technology Systems, Confidential/Sensitive Information and Credit Card Handling Policy, encryption standards, antivirus protection, wireless and remote access, multi-factor authentication, access and change control, and physical security.

•Employee cybersecurity awareness by performing ongoing phishing exercises, and mandatory privacy and cybersecurity training (including spear phishing and other awareness training) for employees.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

On February 3, 2025, we experienced a systems outage caused by a cybersecurity attack by threat actors who unlawfully accessed our network, encrypted critical applications, and exfiltrated certain files (herein defined as the "Cyber Incident"). Upon discovery, we promptly activated our incident response plan, engaging both internal teams and third-party cybersecurity experts.

During the year ended September 28, 2025, we incurred $10.5 million loss of cash flows related to the Cyber Incident. Approximately $3.7 million of this was incurred expenses that are recognized in "Restructuring and Other" in the Consolidated Statements of (Loss) Income and Comprehensive (Loss) Income. We have filed insurance claims for the remaining $6.8 million to cover business interruption and other costs. The Cyber

Incident remains under legal and forensic investigation, including evaluation of the extent and potential risk related to unauthorized access to sensitive data.

The incident had a significant negative impact on our 2025 operating results. Various revenue lines were impacted, certain operating expenses were higher than they were prior to the incident, and many projects underway were significantly delayed.

Cybersecurity Risk Board of Directors Oversight [Text Block]

The Board of Directors plays a crucial role in overseeing our management of cybersecurity risks. The Audit and Risk Management Committee is specifically tasked with this responsibility, and it regularly reports to our Board regarding its activities, including those related to cybersecurity risk management. Our Board also receives periodic briefings from management on our cybersecurity risk management program, including presentations on cybersecurity topics from our Chief Information Officer, internal information security team, and third-party experts.

These briefings cover the current threat landscape, ongoing cybersecurity initiatives, and our response to significant incidents.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Audit and Risk Management Committee is specifically tasked with this responsibility, and it regularly reports to our Board regarding its activities, including those related to cybersecurity risk management. Our Board also receives periodic briefings from management on our cybersecurity risk management program, including presentations on cybersecurity topics from our Chief Information Officer, internal information security team, and third-party experts.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Role of Management [Text Block]

Management is actively involved in assessing and managing material risks from cybersecurity threats. The following processes are in place:

•Responsible Positions/Committees: The Chief Information Officer, and Chief Information Security Officer are responsible for assessing and managing cybersecurity risks. The individuals in these roles possess extensive expertise in cybersecurity. Specifically, the Chief Information Officer has over 25 years in Information Technology across multiple industries, and the Chief Information Security Officer has over 25 years in Security, Risk, Audit, and Compliance across various sectors, including both public and private.

•Monitoring and Response Processes: We have established processes to inform and monitor cybersecurity incidents for prevention, detection, and resolution using a 24/7 third-party SOC Managed Service. The SOC is responsible for providing alerts, updates, and remediation services as needed by monitoring all technology assets for potential signs of compromise and conducting threat hunt exercises.

•Reporting to the Board: Information about cybersecurity risks is regularly reported to the Board of Directors or its relevant committee. This reporting includes updates on our cybersecurity risk profile, significant incidents, and the effectiveness of mitigation strategies.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Responsible Positions/Committees: The Chief Information Officer, and Chief Information Security Officer are responsible for assessing and managing cybersecurity risks.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

The individuals in these roles possess extensive expertise in cybersecurity. Specifically, the Chief Information Officer has over 25 years in Information Technology across multiple industries, and the Chief Information Security Officer has over 25 years in Security, Risk, Audit, and Compliance across various sectors, including both public and private.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Monitoring and Response Processes: We have established processes to inform and monitor cybersecurity incidents for prevention, detection, and resolution using a 24/7 third-party SOC Managed Service. The SOC is responsible for providing alerts, updates, and remediation services as needed by monitoring all technology assets for potential signs of compromise and conducting threat hunt exercises.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true