$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On April 25, 2022 Consumer Privacy & Data Breaches

A Guide for Victims of the Henry Company Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Henry Company, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

April 25, 2022 – RData Breach Alertecently, Henry Company announced a data breach involving the names, driver’s license numbers, identification numbers, and Social Security numbers of certain individuals. On April 20, 2022, Henry Company sent data breach letters to all parties whose information was compromised in the recent breach.

The data breach lawyers at Console & Associates, P.C. are actively investigating the Henry Company data breach. We are currently seeking to interview as many victims of the breach as possible to determine how they were impacted and what legal options may be available to them. If you would be willing to participate in the investigation and would like to have a free consultation and case evaluation, please contact us as soon as possible.

In 2021, there were 1,862 data breaches affecting more than 189,000,000 individuals. Victims of identity theft spend, on average, 200 hours and more than $1,300 recovering their identity. Many of these victims also suffer credit damage, emotional distress, and may even end up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach.

What We Know So Far About the Henry Company Breach

According to the official notice provided by the company, Henry recently was the target of a ransomware attack occurring between January 21, 2022 and January 29, 2022. After learning of the cyberattack, Henry Company began an investigation into the incident, hoping to learn more about what information was affected. On March 11, 2022, the company’s investigation revealed that some files containing sensitive consumer information were among those accessible to the cybercriminals orchestrating the attack.

Upon learning of the extent of the security breach, Henry Company then reviewed the affected files to determine what information was compromised. While the compromised information varies based on the individual, it may include your name, driver’s license number, state identification number and Social Security number.

On April 20, 2022, Henry Company began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident.

Founded in 1981, Henry Company is a nationwide supplier of air and vapor barrier, roofing and waterproofing products. The company’s Building Envelope Systems are intended to keep water out of homes and other buildings. Henry Company is owned by the larger construction supply company, Carlisle Companies, which is a publicly-traded company on the New York Stock Exchange under the ticker symbol “CSL.” Henry Company employs more than 650 people and generates approximately $253 million in annual revenue.

Can Consumers Whose Data Was Leaked Pursue Legal Action Against a Company?

When you allowed Henry access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Henry data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.

Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Henry Company breach is only in its beginning phases. For that reason, it is too early to tell if Henry was legally responsible for the breach. However, our data breach attorneys are investigating the Henry Company security breach to determine the potential legal remedies of those affected.

If you have questions about your ability to pursue a data breach class action lawsuit against Henry, contact a data breach attorney as soon as possible.

What to Do If You Received a Data Breach Notification from Henry

If you receive a data breach notification from Henry in the coming weeks, it means your personal data was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

  1. Figure Out What Information Was Stolen: Carefully review the data breach letter sent by Henry, keeping in mind the information you provided to the company as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
  2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, you should take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
  3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, companies usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking a company up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
  4. Consider a Credit Freeze: A credit freeze prevents access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
  5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

If You Have Questions About Your Rights Following the Henry Company Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Henry data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

What Was Sent to Those Affected By the Henry Company Data Breach?

Below is a copy of the initial data breach letter issued by Henry Company:

Dear [Consumer],

Henry Company (“Henry”) is writing to inform you of a security incident that may have involved information about you. We take the protection of your information seriously. We are contacting you now to explain what information may have been involved, what happened, and the steps you can take to protect your information.


Henry was the victim of unlawful ransomware activity from approximately January 21, 2022, to January 29, 2022, that impacted certain servers and workstations in the United States and Canada. In response to this activity, we engaged a leading third-party cybersecurity forensics firm to restore the security and integrity of our systems, and then determine the scope of the information affected. In the course of our investigation, on March 11, 2022, we learned that some files containing information about you residing on the impacted servers and workstations may have been subject to unauthorized access.


As part of our investigation, we learned that certain information about you may have been stored on compromised systems, including your name, driver’s license / state identification number, and/or Social Security number. At this point, however, we have no reason to believe that your information has been used to commit identity theft, fraud, or any other unlawful activity.


In response to the incident, we immediately took the impacted systems offline to secure those systems first, as well as the information contained on them, and we have been diligent to ensure that our systems were scanned and reviewed to verify that they were safe to use prior to bringing them back online. We continue to work closely with our external industry-leading service providers to implement additional incremental security measures to protect our systems, and to help us defend against this type of unlawful activity in the future.

As a precautionary measure, we purchased twenty-four (24) months of identity theft protection services (at no cost to you) through Experian, a leading data breach resolution services expert. If you believe there was fraudulent use of your information as a result of this incident and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent. If, after discussing your situation with an agent, it is determined that identity restoration support is needed then an Experian Identity Restoration agent is available to work with you to investigate and resolve each incident of fraud that occurred from the date of the incident (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Henry Company, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.