Posted On February 3, 2022 Consumer Privacy & Data Breaches
February 3, 2022 – Recently, Heirloom Roses announced that the financial information of approximately 52,206 individuals was compromised in a data breach. Our data breach attorneys are investigating this cybersecurity incident to determine if consumers could have the grounds for a data breach class action lawsuit.
The company recently reported that, between February 2021 and October 26, 2021, an unauthorized party gained access to certain files on its servers through the use of “malicious code… added to the Heirloom Roses website for the purpose of capturing credit card data.” A subsequent investigation revealed that the files may have contained the following information:
According to reports, Heirloom Roses does not know which individuals’ information was actually accessed and cannot confirm that the unauthorized party retained any of the information.
However, anyone in receipt of an Heirloom Roses data breach notification letter may now face an increased risk of identity theft and other financial losses. Attorneys are now investigating this recent cybersecurity incident to determine whether the company took the necessary steps to keep your data secure and whether those impacted by the breach can pursue a data breach class action lawsuit.
A data breach occurs when a hacker or other unauthorized party secretly gains access to sensitive consumer information stored on a company’s servers through some kind of cyberattack. Once a hacker obtains consumer data, they may use the information to commit identity theft or for other criminal purposes. Sometimes hackers will sell the data they obtain through a cyberattack to the highest bidder.
No one can tell with certainty why a hacker targeted your data in a data breach or what they plan to do with it, but the fact that your sensitive information is in the hands of an unauthorized party puts you at a greater risk of identity theft.
As consumers, we all provide personal data to companies for a variety of reasons. We trust these companies to protect our private data and keep this information secure. Unfortunately, data breaches happen frequently.
Attorneys are investigating data events like this security breach to determine the legal rights of consumers who trusted corporations with their sensitive information. Often, hackers target companies that rely on outdated or otherwise inadequate data-security measures. If it is determined that Heirloom Roses did, in fact, fail to properly protect consumers’ data in some way, the individuals affected may be eligible to pursue compensation for their financial losses.
If you received a data breach letter from the company that experienced a security incident, it means that an unauthorized person—likely a criminal—may have accessed, viewed, and retained your personal information. While the company cannot know why the third party sought out your information and what they plan to do with it, the situation justifies a certain level of precaution on your part.
Below are a few ways to protect yourself from identity theft and the other possible financial risks that can stem from a data breach:
To protect and preserve their legal rights, it is highly recommended that individuals who received notice that their data may have been compromised immediately reach out to an experienced data breach attorney.
Companies have an ethical and legal duty to protect consumers’ financial information. While developing and implementing a comprehensive and up-to-date data-security system is costly, this is a necessary cost of doing business in an environment where cyberattacks and data breaches are common.
Data breach laws are complex, and just because your information may have been accessed while in Heirloom Roses’ care doesn’t necessarily make this company legally responsible. However, if a company fails to take appropriate actions to protect consumers’ sensitive information, it may face liability through a data breach class action lawsuit.
If you received a data breach notification letter, it is important that you not only protect yourself from possible fraud but also preserve your legal rights by speaking to a data breach attorney. Consumer privacy lawyers are undertaking investigations in legal matters involving all types of data breaches, ransomware attacks, and cyberattacks on a no-win, no-fee basis.
Find a copy of the data breach letter here.
Dear [RECIPIENT]:
I am writing to inform you of an incident experienced by our company that may have involved your information described below. We take the privacy and security of all information very seriously. That is why we are providing you with information about steps you can take to help protect your information, and information about complimentary identity monitoring services we are offering you.
What Happened: On August 12, 2021, we were alerted of potentially fraudulent activity related to our customers’ payment card information. Upon discovery, we immediately took steps to secure our website and began an internal investigation. Further, we engaged third-party forensic specialists to assist with a thorough investigation. Our investigation confirmed that malicious code was added to the Heirloom Roses website for the purpose of capturing credit card data beginning in February 2021, which may have continued intermittently until as late as October 26, 2021. After taking time to complete a full forensics evaluation of our site we have obtained a list of consumers potentially impacted and worked to obtain sufficient address information and provide the notification.
What Information Was Involved: The information potentially affected includes your name, in combination with your credit card information entered on our website.
What We Are Doing: Upon learning of this incident, we immediately took steps to confirm the security of our website. With the assistance of third-party forensic specialists, we further performed a thorough review of our website to ensure any unauthorized code was removed, as well as to implement technical measures to prevent a similar incident from occurring in the future. Additionally, we are notifying potentially impacted individuals and offering complimentary identity monitoring services for 12 months.
What You Can Do: We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your credit reports/account statements for suspicious activity and to detect errors. If you discover any suspicious or unusual activity on your accounts, please promptly contact your financial institution or company. You may also activate the complimentary identity monitoring we are making available to you. Due to privacy laws, we cannot activate on your behalf. Additional information regarding how to activate the complimentary services is enclosed in the attached “Steps You Can Take to Help Protect Your Information.”
For More Information: Should you have questions or concerns regarding this matter, please contact us at 1-???-???-????, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding some U.S. holidays. Please have your membership number ready.
The security of information is of the utmost importance to us, and we will continue to take steps to protect information in our care.
