Posted On April 25, 2022 Consumer Privacy & Data Breaches
April 25, 2022 – Recently, Henry Company announced a data breach involving the names, driver’s license numbers, identification numbers, and Social Security numbers of certain individuals. On April 20, 2022, Henry Company sent data breach letters to all parties whose information was compromised in the recent breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Henry Company data breach. We are currently seeking to interview as many victims of the breach as possible to determine how they were impacted and what legal options may be available to them. If you would be willing to participate in the investigation and would like to have a free consultation and case evaluation, please contact us as soon as possible.
In 2021, there were 1,862 data breaches affecting more than 189,000,000 individuals. Victims of identity theft spend, on average, 200 hours and more than $1,300 recovering their identity. Many of these victims also suffer credit damage, emotional distress, and may even end up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach.
According to the official notice provided by the company, Henry recently was the target of a ransomware attack occurring between January 21, 2022 and January 29, 2022. After learning of the cyberattack, Henry Company began an investigation into the incident, hoping to learn more about what information was affected. On March 11, 2022, the company’s investigation revealed that some files containing sensitive consumer information were among those accessible to the cybercriminals orchestrating the attack.
Upon learning of the extent of the security breach, Henry Company then reviewed the affected files to determine what information was compromised. While the compromised information varies based on the individual, it may include your name, driver’s license number, state identification number and Social Security number.
On April 20, 2022, Henry Company began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1981, Henry Company is a nationwide supplier of air and vapor barrier, roofing and waterproofing products. The company’s Building Envelope Systems are intended to keep water out of homes and other buildings. Henry Company is owned by the larger construction supply company, Carlisle Companies, which is a publicly-traded company on the New York Stock Exchange under the ticker symbol “CSL.” Henry Company employs more than 650 people and generates approximately $253 million in annual revenue.
When you allowed Henry access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Henry data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.
Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.
Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Henry Company breach is only in its beginning phases. For that reason, it is too early to tell if Henry was legally responsible for the breach. However, our data breach attorneys are investigating the Henry Company security breach to determine the potential legal remedies of those affected.
If you have questions about your ability to pursue a data breach class action lawsuit against Henry, contact a data breach attorney as soon as possible.
If you receive a data breach notification from Henry in the coming weeks, it means your personal data was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Henry data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Henry Company:
Henry Company (“Henry”) is writing to inform you of a security incident that may have involved information about you. We take the protection of your information seriously. We are contacting you now to explain what information may have been involved, what happened, and the steps you can take to protect your information.
Henry was the victim of unlawful ransomware activity from approximately January 21, 2022, to January 29, 2022, that impacted certain servers and workstations in the United States and Canada. In response to this activity, we engaged a leading third-party cybersecurity forensics firm to restore the security and integrity of our systems, and then determine the scope of the information affected. In the course of our investigation, on March 11, 2022, we learned that some files containing information about you residing on the impacted servers and workstations may have been subject to unauthorized access.
WHAT INFORMATION WAS INVOLVED
As part of our investigation, we learned that certain information about you may have been stored on compromised systems, including your name, driver’s license / state identification number, and/or Social Security number. At this point, however, we have no reason to believe that your information has been used to commit identity theft, fraud, or any other unlawful activity.
WHAT WE ARE DOING
In response to the incident, we immediately took the impacted systems offline to secure those systems first, as well as the information contained on them, and we have been diligent to ensure that our systems were scanned and reviewed to verify that they were safe to use prior to bringing them back online. We continue to work closely with our external industry-leading service providers to implement additional incremental security measures to protect our systems, and to help us defend against this type of unlawful activity in the future.
As a precautionary measure, we purchased twenty-four (24) months of identity theft protection services (at no cost to you) through Experian, a leading data breach resolution services expert. If you believe there was fraudulent use of your information as a result of this incident and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent. If, after discussing your situation with an agent, it is determined that identity restoration support is needed then an Experian Identity Restoration agent is available to work with you to investigate and resolve each incident of fraud that occurred from the date of the incident (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).