Posted On November 1, 2022 Consumer Privacy & Data Breaches
On October 19, 2022, Flambeau, Inc. filed notice of a data breach with the Attorney General of Maine after the company was the target of an apparent cyberattack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ first and last names, dates of birth, mailing addresses, and Social Security numbers. After confirming that consumer data was leaked, Flambeau began sending out data breach notification letters to all individuals who were impacted by the recent data security incident. Based on the most recent estimates, the Flambeau data breach leaked the information of 10,447 individuals.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Flambeau data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Flambeau, Inc.
The available information regarding the Flambeau breach comes from the company’s filing with the Maine Attorney General’s Office. According to this source, on July 27, 2022, Flambeau experienced an incident that disrupted the company’s access to its computer systems. In response, the company secured its systems and launched an investigation with the assistance of an outside cybersecurity firm in hopes of learning more about the nature and scope of the incident, as well as whether any consumer data was leaked as a result.
On September 16, 2022, the company’s investigation confirmed that personal information in its possession was accessible to an unauthorized party. Upon discovering that sensitive consumer data was made available to an unauthorized party, Flambeau began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your first and last name, date of birth, mailing address, and Social Security number.
On October 19, 2022, Flambeau sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1947, Flambeau, Inc. is a manufacturing company based in Baraboo, Wisconsin. Specifically, Flambeau specializes in designing and creating injection molded and blow-molded thermoplastic components, products, building of tools / tooling and fixtures, and contract manufacturing of complete assemblies. The company has multiple management groups, including the Automotive Group, Industrial Markets & Packaging Group, Retail Markets Group, Medical Markets Group and Tooling Group and its proprietary product divisions; ArtBin, Duncan, Flambeau Outdoors, Flambeau Fluid Systems, Flambeau Hardware, OrnaMates, and Flambeau Packaging & Storage Solutions. Flambeau employs more than 1,668 people and generates approximately $372 million in annual revenue.
Hackers and cybercriminals are constantly coming up with new ways to obtain consumers’ personal, financial and protected health information. Not surprisingly, Social Security numbers are one of the most targeted data types. This is because hackers can easily use Social Security numbers to steal victims’ identities or sell SSNs to other criminals who plan to do the same. But how do criminals profit off of stolen Social Security numbers?
Most people assume that a few unauthorized transactions are the extent of the damage a hacker can cause with your SSN in hand; however, that is not necessarily the case. Criminals have a few different ways to profit from stolen Social Security numbers.
The most common harm associated with a data breach involves hackers using your stolen information to open up a new line of credit in your name. In most cases, this involves a hacker applying online for a new credit card or personal loan. To do this, a hacker only needs your name, date of birth, address and Social Security number. However, once they have your name and Social Security number through a data breach, obtaining the other information is simple enough for these sophisticated criminals. For example, a cybercriminal may have access to your other information through a previous data breach, a database of compromised information, or by conducting an online search using the stolen information they already have.
Tax refund fraud involves a criminal filing a tax return in your name before you can file. The goal of tax refund fraud is to obtain a taxpayer’s tax refund. A hacker who steals your Social Security number can relatively easily file a fraudulent tax return on your behalf. And unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return because it has already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.
Opening up new cell phone and utility accounts are common methods hackers use to profit off of stolen information. In fact, the Federal Trade Commission reports that 13 percent of all fraud incidents in 2016 involved the creation of new phone and utility accounts. To open up a utility account, a hacker just needs your name, address and your Social Security number, all of which are available through most data breaches.
Those who have questions about their rights after a data breach and what they can do to hold a company responsible for leaking their information should reach out to an experienced data breach lawyer for assistance.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Flambeau data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Flambeau, Inc. (the actual notice sent to consumers can be found here):
On July 27, 2022, Flambeau experienced an incident disrupting access to certain systems within its digital network. Flambeau took immediate steps to secure its systems and promptly launched an investigation. Flambeau engaged independent digital forensics and incident response experts to determine what happened and investigate the extent of unauthorized activity in the environment. On September 16, 2022, Flambeau determined that personal information may have been potentially affected as a result of the incident. Although Flambeau has no reason to believe that any potentially affected information has been misused as a result of this incident, Flambeau has taken the necessary steps to notify all potentially impacted individuals.
Number of Maine Resident(s) Affected
Flambeau will notify one (1) Maine resident via first-class U.S. mail on October 19, 2022. The impacted information included the resident’s first and last name, date of birth, mailing address, and Social Security number. A sample copy of the notification letter is included with this correspondence.
Steps Taken Relating to the Incident
Following discovery of the data security incident, Flambeau implemented additional security features in its environment to reduce the risk of a similar incident occurring in the future. Additionally, Flambeau retained IDX, a company specializing in credit and identity monitoring services, to offer complimentary privacy and identity theft protection for 12 months to those with impacted Social Security numbers. These services also include credit and CyberScan monitoring, identity restoration, and a $1 million identity theft insurance policy. The affected resident was also provided with additional information about steps to take to protect his/her confidential information and privacy.
Flambeau remains dedicated to protecting the personal information in its control. If you have any questions or need additional information, please contact me at (214) 722-7141 or by e-mail at [Redacted].
Please let me know if you have any questions.