Posted On August 5, 2022 Consumer Privacy & Data Breaches
On August 3, 2022, A. Duda & Sons, Inc., along with its affiliates and subsidiaries, including Duda Farm Fresh Foods, Duda Ranches, DUDA Commercial Properties, The Viera Company, Viera Builders, and Duran Golf Club (collectively, “DUDA”) reported a data breach after the company was targeted in a ransomware attack. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: names, Social Security numbers, financial information, employee information and email addresses. After confirming that consumer data was leaked, DUDA began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the DUDA data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from A. Duda & Sons, Inc.
According to an official notice filed by the company, as well as a notice posted on its website, in June and July of 2022, cybercriminals gained access to DUDA’s computer system. Then, on July 9, 2022, those same hackers orchestrated a ransomware attack against DUDA, encrypting a portion of the company’s computer network.
In response, DUDA took the necessary steps to restore and secure its computer systems and then reached out to law enforcement and cybersecurity professionals to assist in the investigation. This investigation confirmed that the “data accessed by the hackers was varied and substantial.” In fact, on July 13, 2022, a user named “BlackCat” posted the following on the dark web that it has acquired more that 300GB of data, which included “SSN” and personal data.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, DUDA then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your full name, Social Security number, payroll data, financial information, date of birth, email address, telephone number, address, employee identification numbers, employee dependent information and any other information you provided to DUDA in the past.
On August 3, 2022, DUDA sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The company also posted a “Notice of Data Breach” on its website.
A. Duda & Sons, Inc. is an agricultural producer and diversified land company based in Oviedo, Florida. DUDA owns and operates a number of other companies that complement the organization’s business model, including Duda Farm Fresh Foods, Duda Ranches, DUDA Commercial Properties, The Viera Company, Viera Builders, and Duran Golf Club. DUDA also grows a variety of agricultural commodities, including vegetables, citrus, cattle, sugarcane, and other crops. DUDA grows an estimated 33 percent of the world’s celery. DUDA employs more than 1,099 people and generates approximately $597 million in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the DUDA data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by A. Duda & Sons, Inc.:
In June and July of 2022, an unauthorized third party used sophisticated security exploits to gain access to DUDA’s information technology systems. On July 9, 2022, these cybercriminals deployed ransomware on DUDA’s systems, encrypting most of DUDA’s computer network. DUDA has since learned that, during this attack, the attackers also downloaded files from our systems that included personally identifiable information. DUDA reported the incident to law enforcement and has worked diligently to restore operations and security since the attack.
What information was involved?
The data accessed by the attackers was varied and substantial. In some cases, the information included full names, social security numbers, payroll data, financial information, dates of birth, email addresses, telephone numbers, addresses, employee identification numbers, employee dependent information, a combination of these data, or other data an individual may have provided to DUDA in the past. However, due to the volume of files taken and the nature of logging information, DUDA cannot determine with certainty the exact scope of personal information the attackers may have extracted.
To be safe, if you have provided personal information or data to DUDA or its affiliates in the past, you should assume that your personally identifiable information or data may have been compromised in this incident and take appropriate precautions.
What we are doing
DUDA has taken swift action to restore the functionality and security of its data systems
following the attack. We are cooperating with law enforcement investigating the attack. DUDA is also working with outside consultants to strengthen our information security systems to reduce the risk of a similar attack in the future. We are offering certain credit monitoring services at no cost to individuals who are or who have a good faith belief that they have been affected by this incident. Further information on this offering is below.
What you can do
The most important thing you can do in response to this incident is to remain vigilant and
secure your financial and other accounts. Whether you have been affected by this specific breach or not, it is important to regularly review personal account statements and credit reports to ensure no unauthorized activity has occurred. Here are a few warning signs to help you determine whether your personal information may have been used by someone else:
Malicious actors may try to trick you into giving them more information using the compromised data. If you receive any suspicious communications, particularly regarding financial matters, you should verify the source of these communications before revealing any personal
information. If you are threatened by anyone, you should contact law enforcement. If you believe you have been the victim of identity theft, you should also contact law enforcement, your state attorney general, or the Federal Trade Commission (“FTC”).
You may want to change your passwords to various online accounts. If you do change your passwords, your new password should be substantially different from your old password to best ensure security. Remember, it is never a good idea to use the same password from work for your personal or household applications.
Additionally, you may also consider placing a security freeze on your credit report, as allowed by state law. A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. Please note that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any request you make for new loans, credit, credit or debit cards, mortgages, employment, housing, or other services.