Posted On May 3, 2022 Consumer Privacy & Data Breaches
May 3, 2022 – Recently, Ferrara Candy Company reported a data breach after an unauthorized party was able to gain access to sensitive employee information stored on the company’s computer servers. As a result of the breach, the names, Social Security numbers, birth dates, and financial account information of certain employees were compromised. On April 29, 2022, Ferrara Candy Company sent out data breach letters to those employees whose information was affected by the breach.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Ferrara data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Ferrara Candy Company.
According to an official filed by the company, on October 9, 2021, Ferrara Candy learned of a data security incident affecting its computer system. However, the company explains that the unauthorized access began on October 2, 2021. Thus, the unauthorized party had access to the company’s system between October 2, 2021 and October 9, 2021.
In response, the company secured its computer systems and launched an investigation to learn more about the nature and scope of the incident. Subsequently, Ferrara confirmed that an unauthorized party was able to access and remove sensitive files from the Ferrara network.
Upon learning of the unauthorized access, Ferrara then sought to identify whether any parties’ sensitive information was contained in the affected files. On March 30, 2022, the company completed its review of the compromised files. While the breached information varies based on the individual, it may include affected individuals’ names, dates of birth, financial account information, Social Security numbers, driver’s license numbers, birth certificates, passport numbers or other government issued identification numbers, digital/electronic signatures, mother’s maiden name, and/or medical information.
On April 29, 2022, Ferrara issued data breach letters to those whose information was compromised in the breach.
Ferrara Candy Company is a candy company based in Chicago, Illinois. The company produces some of the most well-known candies, including SweetTarts, Lemonheads, Black Forest gummies, Trolli gummies, and Laffy Taffy. In 2017, the company was acquired by the previously unrelated (but similarly named) Italian confection company, Ferrero Group. Ferrara Candy Company employs more than 6,000 people and generates approximately $2 billion in annual revenue.
Below is a portion of the letter that was sent to individuals affected by the breach:
Dear <<Name1>>:
Ferrara Candy Company (“Ferrara”) is writing to make you aware of an incident that may affect the security of some of your
information. We take this incident seriously, and write to provide you with information about the incident, what we are doing in
response, and the resources that are available to you to help better protect your personal information from possible misuse, should
you feel it is appropriate to do so.
What Happened? On October 9, 2021, Ferrara identified unusual activity on its network and began an investigation with
the assistance of third-party forensic specialists. The investigation determined that an unauthorized actor accessed the Ferrara
network and removed certain files from the network sometime between October 2, 2021 and October 9, 2021. As a result,
we undertook a comprehensive process to identify what information was potentially contained within the impacted files, and
to whom that information belonged. That process was completed on or around March 30, 2022. We are now notifying those
individuals whose information was potentially impacted by the incident.
What Information Was Involved? Based on the investigation into this incident, it was determined that the information involved
may include your <<Data Elements>> and name.
What We Are Doing. We take this incident and the security of information within our care seriously. Upon discovery of this
incident, we launched an in-depth investigation with the assistance of third-party forensic specialists to determine the full nature
and scope of this incident. As part of our ongoing commitment to the privacy of information in our care, we are reviewing our
existing policies and procedures and implementing additional safeguards to further secure the information in our systems as
appropriate. We notified law enforcement and are notifying regulatory authorities as required by law. We are also notifying
potentially affected individuals, including you, so that you may take further steps to best protect your personal information,
should you feel it is appropriate to do so. As an added precaution, we arranged to have Equifax provide credit monitoring services
for <<CM Length>> at no cost to you.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account
statements and monitoring your free credit reports for suspicious activity and to detect errors over the next 12 to 24 months.
Please also review the information contained in the enclosed Steps You Can Take to Help Protect Your Personal Information.
You may also enroll in the complimentary credit monitoring services we are making available to you. Enrollment instructions
are attached to this letter.
For More Information. We understand you may have additional questions not addressed by this letter. If you have questions,
please call our dedicated assistance line at 833-659-2235, 9 AM to 9 PM Eastern, Monday through Friday.
Sincerely,
Ferrara Candy Company
