Posted On May 14, 2023 Consumer Privacy & Data Breaches
May 14 – ARC Document Solutions, Inc. (ARC) reported a notification of data breach to the Montana Attorney General on May 10, 2023, after discovering that sensitive customer information was exposed via a hack of the company’s computer system. Although ARC has yet to make public what kinds of data were compromised in the incident, we may assume that it contained sensitive customer information. Letters informing anyone affected by the data breach have now begun to be sent out by ARC.
Data breach lawyers at Console & Associates, P.C. are now looking into the ARC Document Solutions data leak. We provide free consultations to anybody who has received a breach notice who is worried about identity theft, and would like to understand more about their legal options for pursuing compensation from ARC.
More than 90,000 businesses, including numerous government agencies, educational institutions, and healthcare facilities, rely on the printing and scanning services provided by ARC Document Solutions, Inc. ARC also provides technical printing services to the building industry’s architects, engineers, and other specialists. From its base in San Ramon, California, ARC manages over 140 print facilities in the Americas. ARC Document Solutions has around 1,764 employees and produces over $286M in yearly sales.
The corporation reported suspicious behavior inside its computer network on January 15, 2023, according to a filing with the Montana Attorney General. As a result, ARC took measures to protect its network and hired a forensics firm to aid in its investigation.
According to ARC’s investigation, a hacker broke into the company’s system sometime between January 12, 2023 and January 18, 2023. It was eventually discovered that the unauthorized individual gained access to files containing private information about certain customers.
After learning that private customer information had fallen into the wrong hands, ARC Document Solutions started looking through the stolen files to ascertain what data had been exposed and how many customers had been affected.
On May 10, 2023, ARC finished up this procedure and started issuing data breach notifications to all people whose information was exposed.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the ARC Document Solutions, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
ARC Document Solutions, Inc. (“ARC”) is writing to notify you of a recent incident that may affect the privacy of some of your personal information. We write to provide you with information about the incident, our response, and steps you can take to help protect against the possible misuse of your information, should you feel it is appropriate to do so.
What Happened? On January 15, 2023, ARC became aware of suspicious activity on its servers. We immediately took steps to secure our network, and with the assistance of industry-leading third-party forensic specialists, deployed countermeasures to contain the incident. We further began an investigation to determine the nature and scope of the activity. Our investigation confirmed that an unauthorized actor gained access to certain files within our systems between January 12, 2023 and January 18, 2023. Given that certain information was accessed without authorization, we then undertook a comprehensive review of the impacted data to understand the specific information potentially impacted and to whom it related for purposes of providing notification to potentially impacted individuals. We completed those efforts on March 29, 2023, and thereafter worked to provide notification to potentially impacted individuals as quickly as possible. We are notifying you because your information was present in the files accessible to the unauthorized actor, and therefore may have been accessed during this incident.
What Information Was Involved? Our investigation determined that the information related to you that may have been impacted includes your name and [Redacted]. Please note that we have no evidence that any of your information was used for identity theft or fraud.
What We Are Doing. We take this incident and the obligation to safeguard the information in our care very seriously. After discovering the suspicious activity, we promptly took steps to confirm our system security, and engaged third-party forensic specialists to assist in conducting a comprehensive investigation of the incident to confirm its nature, scope, and impact. ARC also promptly notified federal law enforcement. Further, as part of our ongoing commitment to the privacy and security of personal information in our care, we are reviewing and enhancing existing policies and procedures relating to data protection and security. We have instituted additional security measures to better protect against future similar incidents. We are also notifying relevant regulatory authorities, as required.
We are notifying you out of an abundance of caution and providing information and resources to assist you in helping protect your personal information, should you feel it appropriate to do so. As an added precaution, we are offering you access to credit monitoring and identity theft protection services for [Redacted] months through Experian at no cost to you. If you wish to activate these complimentary services, you may follow the instructions included in the attached Steps You Can Take to Help Protect Personal Information. We encourage you to enroll in these services as we are unable to act on your behalf to do so.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring your free credit reports for suspicious activity and to detect errors. You should report any such activity to law enforcement. You can also enroll to receive the complimentary credit monitoring services that we are offering to you. Please also review the information contained in the enclosed Steps You Can Take to Help Protect Personal Information.
For More Information. We understand that you may have questions that are not addressed in this notice. If you have additional questions or concerns, please call our dedicated call center at (888) 274-8110, which is available from 8:00 a.m. to 10:00 p.m. Central Time Monday through Friday, and Saturday and Sunday 10:00 a.m. to 7:00 p.m. Central Time (excluding major U.S. holidays). Be prepared to provide your engagement number [Redacted]. You may also write to ARC at 12657 Alcosta Boulevard, Suite 200, San Ramon, CA 94583.