Posted On November 29, 2022 Consumer Privacy & Data Breaches
On November 23, 2022, Columbia Grain International, LLC filed notice of a data breach with the Attorney General of Montana after learning that an unauthorized party was able to access sensitive information stored on the company’s computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ first and last names as well as other sensitive information. While the Montana AG’s Reported Data Breach Incidents website does not provide the specific information that was leaked, it likely included one or more of the following: Social Security numbers, protected health information, government identification numbers or financial account information. After confirming that consumer data was leaked, Columbia Grain began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Columbia Grain data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Columbia Grain International, LLC.
The available information regarding the Columbia Grain International breach comes from the company’s filing with the Montana Attorney General. According to this source, on March 21, 2022, Columbia Grain experienced a network intrusion that affected a portion of the company’s computer network. In response, Columbia Grain secured its network and then began working with a third-party data security firm to investigate the incident and determine what, if any, consumer information was leaked as a result.
Unfortunately, Columbia Grain has not yet posted notice of the breach on its website and the information included on the Montana AG’s site does not disclose the specific data types that were compromised. However, only those companies that experience a breach involving consumers’ names and one or more of the following are required to report a data breach:
Thus, it is likely that the Columbia Grain International breach involved this type of information.
On November 23, 2022, Columbia Grain International sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1978, Columbia Grain International, LLC is a worldwide supplier of conventional and organic grain, pulses, edible beans, and oilseeds. The company’s supply chain network consists of more than 8,000 farmers across the United States. Columbia Grain International employs more than 191 people and generates approximately $99 million in annual revenue.
Being the victim of a data breach means that your sensitive information has ended up in the hands of a total stranger—and likely someone who plans to use your information for criminal purposes. So, as soon as you learn about a data breach, it is important to do whatever you can to protect yourself from falling victim to identity theft or fraud. However, this isn’t always easy because, by the time you get a data breach letter, it’s often been months since your information found its way into hackers’ hands. For example, the Columbia Grain breach occurred in March 2022, but consumers affected by the breach are only now learning about the incident. However, despite this lapse of time, there are still steps you can take to protect your information.
Below is a list of things to consider as soon as you learn your information was compromised in a breach. However, keep in mind that this is not an exhaustive list, especially if your Social Security number or financial account numbers were leaked as a result of the breach. These situations may justify further action on your part.
Companies are required to send all data breach victims a letter if their information was leaked as a result of a cyberattack. So, the first thing to do after receiving a data breach letter is to carefully review this data breach letter to determine whether your information was leaked and, if so, what data was compromised. Data breach letters also contain important information about how the unauthorized party accessed your information, what the company has done since then to prevent future leaks, and whether there have been any reports of identity theft or fraud from other victims. These letters also contain a contact number you can call if you have any questions that were not answered in the letter.
It’s no surprise that you should check your bank accounts and credit card accounts immediately after a data breach. This is because, most of the time, hackers will try to use your information right after the breach to ensure that it’s “fresh” and that you haven’t closed your accounts. However, if a breach does not provide hackers with all the information they need, it may take them a while to gather the information they need. For this reason, it may not be until weeks or months after a breach that hackers can use the stolen information. Therefore, it is imperative that you frequently check all your online accounts to monitor for any suspicious activity.
Credit monitoring is a fee-based service that alerts you to any suspicious activity on your credit profile. On average, credit monitoring costs consumers between $20 to $40 per month. However, companies usually offer victims of a data breach free credit monitoring for a period of time—usually between one to two years. Indeed, Columbia Grain Petroleum is providing victims of the breach with this service for one year. Signing up for credit monitoring is simple, and doing so provides you with an easy way to keep an eye on your credit profile. Moreover, enrolling in credit monitoring does not impact your ability to file a data breach lawsuit against a company that leaked your information.
Fraud alerts and credit freezes are two free services offered by the three major credit bureaus (TransUnion, Equifax, and Experian). A fraud alert lets any company that pulls your credit know that you suspect someone is trying to fraudulently use your information. A credit freeze offers an additional layer of protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Columbia Grain data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Columbia Grain International, LLC (the actual notice sent to consumers can be found here):
Columbia Grain International, LLC (“Columbia Grain”) writes to notify you of a recent incident that may have involved some of your information as described below.
Columbia Grain takes the privacy of information in its care seriously. At this time, there is no evidence to suggest that any of your information was fraudulently misused. In an abundance of caution, Columbia Grain is providing you information about the incident, its response, and steps you can take to help protect your information if you feel it is necessary to do so.
On or around March 21, 2022, Columbia Grain experienced a network intrusion that affected a limited number of systems. Upon discovery, Columbia Grain immediately took steps to secure its network and engaged a third-party forensic firm to investigate the incident. On August 15, 2022, after a thorough investigation, Columbia Grain discovered that a limited amount of information may have been accessed by an unauthorized third party in connection with this incident.
At this time, there is no indication that your information has been fraudulently misused. However, Columbia Grain is providing this notification to you in an abundance of caution and so that you may take steps to safeguard your information if you feel is it necessary to do so.
What Information Was Involved:
The potentially accessed information may have included your first and last name, in combination with your [Redacted].
What We Are Doing:
Columbia Grain has taken steps to address the incident and is committed to protecting information in its care. Upon learning of this incident, Columbia Grain immediately took steps to secure its systems and to enhance the security of its network.
As an additional safeguard for your information, Columbia Grain has secured the services of Kroll to provide identity monitoring at no cost to you for one year. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
Additional information describing your services is included with this letter.
Due to state and federal privacy laws, Columbia Grain cannot activate your services directly. If you wish to take advantage of this complimentary identity monitoring service, you must activate yourself.
What You Can Do:
In addition to activating the complimentary identity monitoring service detailed within, Columbia Grain recommends that you remain vigilant in regularly reviewing and monitoring all of your account statements and credit history to guard against any unauthorized transactions or activity. If you discover any suspicious or unusual activity on any of your accounts, please promptly change your password, notify your financial institution or company if applicable, and take any additional steps needed to protect your account(s). Additionally, please report any suspicious incidents to local law enforcement and/or your state Attorney General. Please review the additional information below, which contains more information about steps you can take to help protect yourself against fraud and identity theft.
For More Information:
Should you have questions or concerns regarding this matter, please do not hesitate to call our dedicated call center at [Redacted], Monday through Friday 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays or to write us at 1300 SW 5th Avenue, 29th Floor, Portland, OR 97201.
Columbia Grain takes the security of information entrusted to our care very seriously. While it is regrettable this potential exposure occurred, please be assured Columbia Grain is taking appropriate actions to rectify the situation and prevent such incidents in the future.