Posted On January 31, 2022 Consumer Privacy & Data Breaches
January 31, 2022 – Data breaches and other cybersecurity events have recently been a hot topic. Ever since the beginning of the COVID-19 pandemic, hackers and other cybercriminals have capitalized on the fact that many companies have focused their attention on areas other than consumer privacy.
In recent data breach news, the printing company Calitho reported that the company experienced what appears to be a cyberattack that resulted in an unauthorized party gaining access to sensitive consumer information. According to a recent letter sent to affected parties, on December 23, 2021, Calitho first noticed that it could not access certain files and folders on its computer system. In response, the company is investigating the incident. While this investigation is ongoing, Calitho cannot rule out the possibility that an unauthorized user gained access to or stole information stored on the company’s network. The data that may have been accessed by the unauthorized party include consumers’ full names, Social Security numbers, driver’s license numbers, state-issued identification numbers, passport numbers, military identification numbers, financial account numbers and health insurance information.
Data security events such as the Calitho data breach are increasingly common and raise serious concerns for consumers. Often, a cybersecurity incident such as this one is the result of a person hacking into a company’s computer system to view, and possibly steal, sensitive consumer information. While no one will ever know why Calitho was targeted in the recent cyberattack, it is not uncommon for hackers and other criminals to identify companies that have weak or outdated data security systems.
When a hacker or cybercriminal accesses a computer network, they can then view and remove sensitive consumer data from the compromised computers and networks. While companies will be able to tell which files were accessible, they often may be no way of knowing whether the files were actually viewed by the unauthorized party and whether that party retained any of the data contained in those files.
The fact that your information was leaked in a data breach does not necessarily mean it will be used for criminal purposes. However, because a data breach puts consumer information in the hands of an unauthorized person, the risk of identity theft is a real one. That said, criminal use of compromised data is a possibility that should not be ruled out.
Given the risks that hacking events like this one pose, individuals who receive a Calitho data breach notification letter should treat the situation with the seriousness it deserves and remain vigilant in checking for any signs of unauthorized activity.
When you trusted Calitho with your business, you voluntarily gave the company access to your personal information. In doing so, you also trusted the company to keep your information secure. Certainly, anyone in your shoes would think that the company would safeguard their information. However, news of the Calitho data breach raises some questions about the company’s data security measures and whether it could have been done to prevent the breach.
Companies have an ethical and legal obligation to ensure sensitive consumer information in their possession remains private. While developing a system to protect consumer data from the many cyber threats that are out there comes at a significant expense, it is a necessary expense when doing business in an environment where cyberattacks, network intrusions and other data security events are common.
The United States consumer privacy laws allow consumers to file a data breach lawsuit against companies that misuse their data or place their information on inadequately secured networks. However, the Calitho data breach is very recent, and details about the incident are still emerging. Therefore, as of right now, there is no evidence suggesting Calitho was negligent in how it maintained consumer data or that it was responsible for the breach. However, this could change. Our data breach attorneys are investigating the Calitho data security incident and its potential causes to determine what legal remedies, if any, consumers have against the company.
If you have questions about your ability to bring a data breach class action lawsuit against Calitho, you should contact a data breach lawyer as soon as possible.
If you receive a data breach notification letter from Calitho, your data was compromised in the breach. This means that a stranger, and possibly a criminal looking to steal your identity, may have accessed, viewed, and stolen your personal data. While no harm may come of this event, unfortunately, you won’t know that to be the case until it’s too late. Thus, it is very important you remain vigilant by taking the following steps:
Calitho is a full-service printing business based in Concord, California. While “Calitho” is the name the company uses in its marketing and all communication with the public, the official business name of the company is Acme Press, Inc. The company provides a wide range of printing, packaging, display and logistics services to clients in the Bay Area and throughout the country.
The origins of the company began in 1985, when the founders purchased a small print operator named Acme Press, renaming the company California Lithographers. Subsequently, the company acquired several other smaller businesses and, in 2013, changed its name again from California Lithographers to Calitho. While the company is primarily a printing business, it also offers marketing and consulting services to its clients.
According to Calitho, on December 23, 2021, the company experienced problems accessing certain files and folders on its computer system. In response, Calitho launched an investigation into what it believed to be a possible cyberattack. This investigation is ongoing, however, Calitho confirmed that it is “unable to rule out unauthorized access to, or taking of, information stored on the Calitho network.” Calitho also reports that the data which may have been accessed as a result of the hacking incident includes the following information:
Below is a copy of the initial data breach letter issued by Calitho (a sample of the actual notice sent to consumers can be found here):
Dear [Consumer],
Acme Press, Inc. dba Calitho (“Calitho”) is writing to inform you of a recent incident that may impact the privacy of some of your personal information. While we are unaware of any attempted or actual misuse of your information, we are providing you with information about the incident, our response, and steps you may take to protect against any misuse of your information, should you feel it necessary to do so.
What Happened? On or about December 23, 2021, Calitho became aware of suspicious activity on its network and discovered that it could not access certain files and folders on its servers. Calitho immediately launched an investigation to determine the nature and scope of the incident. The investigation is ongoing, however we are currently unable to rule out unauthorized access to, or taking of, information stored on the Calitho network. Therefore, out of an abundance of caution, Calitho is providing notice of this incident to certain individuals whose information was stored within the Calitho network at the time of the incident.
What Information Was Involved? Our investigation determined that the following types of your information were present on Calitho’s systems at the time of the incident described above: name and Social Security number, driver’s license or state-issued identification number, passport number, military identification number, financial account number and health insurance information.
What We Are Doing. We have strict security measures in place to protect information in our care. Upon learning of this incident, we quickly took steps to confirm the security of our systems and investigate the incident. We worked quickly to secure our systems and implement additional network and endpoint monitoring. We notified the FBI of this incident and are notifying regulators, as necessary. Although we are unaware of any misuse of your information as a result of this incident, as an additional precaution, Calitho is offering you access to 24 months of complimentary credit monitoring services through IDX. Details of this offer and instructions on how to activate these services are enclosed with this letter.
