Posted On December 21, 2022 Consumer Privacy & Data Breaches
December 21, 2022 – After a ransomware attack exposed sensitive consumer information in their possession, Louise W. Eggleston Center, Inc. (“Eggleston”) filed notice of a data breach with the Maine Attorney General’s office on December 16, 2022. According to the filing, an unauthorized party gained access to consumer information such as full names, driver’s license numbers, non-driver ID numbers, Social Security numbers, financial account numbers and access codes, and military ID numbers. Once it was confirmed that there was a consumer data leak, Eggleston sent out notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Eggleston data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Louise W. Eggleston Center, Inc.
The Louise W. Eggleston Center, Inc is a non-profit organization that provides training, education, and employment for those with disabilities. Originally founded in 1955 as Tidewater Vocational Center, the organization now has 33 programs and 22 locations across the Hampton Roads area that it uses to serve hundreds of individuals.
Eggleston offers many employment opportunities through the businesses that they operate. They are involved in industries such as landscaping, garden centers, laundry, food service, custodial services, and business fulfillment. They employ hundreds of people and generate approximately $67 million in revenue annually.
According to the Maine Attorney General’s “Data Breach Notifications” page, Louise W. Eggleston Center determined that it had been the target of a ransomware attack when it realized that its computer systems were suddenly encrypted on October 12, 2022. The hackers left a ransom note after the cyberattack. Eggleston then notified law enforcement. It hired a third-party cybersecurity company to investigate the attack and began securing its systems.
The focus of the investigation by Eggleston was the cause of the breach. It wanted to know if any consumer information was leaked because of the attack. After learning that the consumer data was, in fact, exposed to a third party, Eggleston’s next step was to review the files and determine what information was made available. The types of information exposed were first and last names, Social Security numbers, financial account numbers, access codes, military ID numbers, driver’s license numbers, and non-driver ID numbers. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On December 16, 2022, Eggleston Services sent out letters to all individuals whose sensitive information had been compromised.
Though most people are aware of ransomware attacks, the details of these cyberattacks and the harm they cause are not as well known. Ransomware attacks are a type of cyberattack affecting millions of people annually.
Hackers use ransomware, a type of malware, or malicious software, to gain access to a company’s network and block them from accessing it. They use encryption to block that access and make them inaccessible to anyone without an encryption key to decode the files. Hackers will then hold the information hostage and demand a ransom for access to their network back, hence the term “ransomware.” Sometimes companies can’t continue functioning without their computer network and have to shut down. Other times, they are willing to negotiate.
Not only have hackers kept the company from accessing its own data, but recently, as an extra incentive, hackers have started threatening to release the information to the dark web if not paid by the company. This is known as a double-extortion attack. They will often send a sample of the sensitive information to the company called a “proof pack” to prove that they actually possess the stolen information.
Ransomware attacks can start in several different ways. Often, these attacks start with a phishing email. Phishing is when hackers send someone who works at the company a fraudulent email claiming to be from a legitimate source. The purpose is to get the company employee to provide information or click on a suspicious link to gain access to the company’s network. These ransomware attacks are avoidable if companies train employees to recognize and report phishing emails.
Data security systems can also be used to deter ransomware attacks. By ensuring its security system is up-to-date, companies can prevent hackers from finding and taking advantage of the vulnerabilities of outdated security systems. The technology would also allow them to detect and prevent attacks before they happen, limiting the damage caused by them.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Louise W. Eggleston Center, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Louise W. Eggleston Center, Inc. (here is the actual notice sent to consumers):
Dear [Redacted],
At Louise W. Eggleston Center, Inc. (“Eggleston”), we take our obligation to safeguard your personal information seriously. We are contacting you concerning an incident that recently occurred that may have resulted in an unauthorized access to your personal information. We are notifying you of this event and the steps you can take to safeguard this information. We have also arranged to provide you with free credit monitoring as described below.
What Happened
Unfortunately, on or about October 14, 2022, Eggleston discovered that it was the victim of a ransomware attack. Ransomware crime has impacted over 1000 businesses in the United States this year alone and, unfortunately, Eggleston became a victim of it as well. Ransomware is a form of malware used by cyber-criminals to block access to files, and, in some cases, to extract and hold data hostage until a ransom is paid. We discovered this breach when criminals encrypted our files, including files storing personal information, and when the criminals shared their ransom note with us. We are not certain when the criminals began their covert breach of our system but once it was discovered, Eggleston took immediate steps to secure our systems, investigate the incident, and to determine what, if any information may have been impacted.
We also notified appropriate law enforcement entities such as the Virginia State Fusion Center and the FBI and provided information to assist them in their investigations. In addition, we engaged leading outside cybersecurity experts to assist us with our investigation, recovery, and enhancing our security measures.
What Information Was Involved
The results of our investigation did not determine conclusively what information the unauthorized party may have accessed or what information, if any, was acquired by the cyber-criminal. However, out of an abundance of caution, we are notifying you that it is possible that your information may have been impacted and that the information may have included one or more of the following types of information stored on the affected Eggleston systems: full name, social security number, driver’s license number/non-driver ID number, financial account number and access code, military ID number.
What We Are Doing
In response to this incident, we enhanced our existing security measures and implemented new safeguards to protect against future cybersecurity threats. We continue to evaluate additional actions to further strengthen our security posture.
What You Can Do
You should always remain vigilant about monitoring your financial accounts and credit reports for any suspicious activity. We want to take this opportunity to provide you with additional information and resources about data security and protection. Please review the additional information enclosed with this letter.
In addition, to help address your concerns, and restore confidence, Eggleston has secured the services of Experian to provide credit/identity monitoring services at no cost to you for one year. Experian is a leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration. The enclosed Reference Guide provides more information about the services and how to register for them, directions for requesting credit reports, and additional recommendations on the protection of personal information.
If you have any questions regarding the credit monitoring services, please call (877) 653-0303 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Be prepared to provide your engagement number: [Redacted].
For More Information
We understand the concern and frustration you must be experiencing as a result of this incident, and regret any inconvenience this may cause, but rest assured, we are committed to supporting you.
