Posted On July 20, 2022 Consumer Privacy & Data Breaches
July 20, 2022 – Ardagh Glass, Inc. reported a data breach after the company was targeted in a recent cybersecurity attack. As a result of the breach, for most individuals, their names and Social Security Numbers were compromised. For a small subset of individuals, the types of affected data varied by individual, but may have their name, Social Security Number, driver’s license number, passport number, other governmental identification number, birth certificate, financial account number, or work-related injury information. The Ardagh Glass, Inc. data breach is believed to have impacted as many as 5,656 individuals. On July 5, 2022, Ardagh Glass, Inc. sent out data breach letters to those individuals whose information was affected by the breach.
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from Ardagh Glass, Inc., contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Below is a portion of the letter that Ardagh Glass, Inc. sent to individuals affected by the data breach:
Dear Redacted,
We write to share important information with you about a data security incident that may have impacted your personal information. In an abundance of caution, we are providing you with this notice so that you know what we are doing and the steps you can take to protect your information should you feel it is appropriate to do so. We regret that this incident occurred and take the security of your personal information seriously.
What Happened?
We have conducted an investigation, with the assistance of leading cybersecurity experts, into a criminal cyberattack that targeted our systems. On May 2, 2021, Ardagh discovered that criminal actors encrypted portions of our network environment in Europe and the United States in a ransomware attack. Based on our investigation, we understand that the potential unauthorized activity occurred between April 23, 2021 and May 19, 2021.
In October 2021, we learned that a ransomware group posted links to data that it claimed to have stolen from Ardagh systems on a dark web site, which appears on a portion of the Internet that is only accessible by means of special software and knowledge. In the ensuing time period, Ardagh has worked with outside cybersecurity experts to obtain copies of the posted data and to analyze its contents, specifically with the aim of identifying whether personal information was impacted.
On June 22, 2022, we determined that your personal information was contained within the data files posted on the dark web site. Aside from the act of posting the data on the dark web site, our investigation has not revealed any evidence that your data has been otherwise misused. We are undertaking ongoing monitoring of the dark web to identify if such attempts are made.
There are some additional facts that we can provide to help you assess any risk to your information. First, the servers used to post the data on the dark web have been offline since on or about November 16, 2021. Thus, at this time, the files containing Ardagh data are no longer available for download and may remain so. Second, when the servers were online, they were unreliable and slow, which prolonged Ardagh’s efforts to obtain a copy of the data even with the assistance of cybersecurity experts. Third, this dark web site was posted in an area of the internet that can only be accessed with specialized knowledge and software, making it unlikely that any personal data relating to you was readily accessible by the general public. Finally, very limited amounts of personal information were interspersed throughout the data set posted online, making the personal information difficult to locate even with Ardagh’s knowledge of the dataset and powerful technological search tools. Nonetheless, Ardagh takes this matter extremely seriously and wants to ensure that any risk to your information is being properly addressed.
What Information Was Involved?
For most individuals, their names and Social Security Numbers were involved. For a small subset of individuals, the types of affected data varied by individual, but may have included one or more of the following data types: name, Social Security Number, driver’s license number, passport number, other governmental identification number, birth certificate, financial account number, or work-related injury information.
What We Are Doing.
Ardagh regularly reviews and updates the measures it takes to protect your personal information. We strive to continually improve our data security and maintain a secure environment for confidential and personal information. In response to this incident, Ardagh immediately launched an investigation with the assistance of leading cybersecurity experts to secure each impacted system and has continued to monitor for suspicious activity. Ardagh also continues to enhance its security controls where appropriate and trains its workforce regarding cybersecurity issues. We are also regularly monitoring the dark web to identify any data taken from or relating to Ardagh. As an added precaution, we are providing you with access to a complimentary [Redacted]-month membership of Experian’s® IdentityWorksSM. This product provides you with superior identity detection and resolution of identity theft.
To activate your membership and start monitoring your personal information please follow the steps below: Ensure that you enroll by: September 30, 2022 (Your code will not work after this date.)
Visit the Experian IdentityWorks website to enroll: [Redacted]
Provide your activation code: [Redacted].
If you have questions about the product, need assistance with identity restoration or would like an alternative to enrolling in Experian IdentityWorks online, please contact Experian’s customer care team at 1-877-890-9332 by September 30, 2022. Be prepared to provide engagement number [Redacted] as proof of eligibility for the identity restoration services by Experian.
If you believe there was fraudulent use of your information and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent at 1-877-890-9332. If, after discussing your situation with an agent, it is determined that Identity Restoration support is needed, then an Experian Identity Restoration agent is available to work with you to investigate and resolve each incident of fraud that occurred (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).
Please note that this Identity Restoration support is available to you for [Redacted] months from the date of this letter and does not require any action on your part at this time. The Terms and Conditions for this offer are located at [Redacted]. You will also find self-help tips and information about identity protection at this site.
We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have questions or concerns regarding this matter, please do not hesitate to contact us at 1-833-737-0006.
