Posted On February 2, 2022 Consumer Privacy & Data Breaches
February 2, 2022 – Ever since the beginning of the COVID-19 pandemic, the rate of cybercrimes has increased dramatically, with an estimated 15 million people falling victim to these crimes each year. Often, a security breach is the result of a hacker bypassing a company’s data security systems to view, and possibly steal, consumer information. While no one knows what goes into a cybercriminal’s decision to select a company to target, it is not uncommon for hackers to seek out companies that have vulnerabilities in their data security systems.
Very recently, Luttrell Staffing Group reported that the company was the target of a malware attack. Evidently, on June 14, 2021, the Luttrell Staffing Group first noticed that certain files on the company’s network had been encrypted with malware. Malware is short for “malicious software.” Cybercriminals install malware over a network onto the victim’s device. From there, the program can wreak havoc, including scouring the network for valuable data that can be used for identity theft and other frauds.
The company has only recently sent written notice of the breach to affected parties on February 1, 2022.
Cyberattacks such as the one leading to the Luttrell Staffing Group data breach are increasingly common. These security breaches also raise serious concerns for consumers whose information is compromised as a result of the breach. In many cases, a malware attack such as this one exposes highly sensitive and personal consumer information which may be used to steal their identity.
Once a cybercriminal installs malware on a company’s network, they can access and remove sensitive consumer information from the compromised systems. And while companies will often be able to identify that certain files were accessible by the unauthorized party, they usually cannot confirm whether the hacker actually viewed the information on those files and, if so, what they intend to do with it.
If your information was compromised in the Luttrell Staffing Group data breach, it does not necessarily mean someone will steal your identity. However, you are at an increased risk. Thus, anyone in receipt of a Luttrell Staffing Group data breach letter should take all necessary steps to limit the risks of identity theft or other financial losses.
When you allowed Luttrell Staffing Group access to your personal data, you inherently trusted the company to keep your information secure. To be sure, anyone in your shoes would assume that a staffing company as large as Luttrell Staffing Group would take whatever preventative steps were necessary to reduce the likelihood of a malware attack. However, news of this data breach raises some very serious questions about the adequacy of the company’s data security measures leading up to the breach.
While a company targeted by a cybercriminal is certainly a victim, so too are the consumer’s whose information is compromised. In fact, companies have an ethical and legal obligation to protect the sensitive consumer information in their possession. While ensuring that a company has a robust data security system is costly, it is also a necessary expense when doing business in an environment where cyberattacks are common.
The U.S. consumer privacy and data breach laws permit consumers to bring data breach lawsuits against companies that misuse or mishandle their personal information. However, determining whether a company is legally responsible for a breach requires an in-depth investigation. Because news of the Luttrell Staffing security breach is still very recent, it is too early to tell if Luttrell Staffing Group can be held responsible. However, our data breach attorneys are investigating the Luttrell Staffing Group data security incident and its potential causes to determine the legal remedies those affected by the Luttrell Staffing Group breach may have against the company.
If you have questions about your ability to pursue a data breach class action lawsuit against Luttrell Staffing Group, contact a data breach attorney as soon as possible.
If you receive a Luttrell Staffing Group data breach letter, it means that your data was compromised in the recent cyber-security event. This also means that a hacker or other criminal actor may have accessed, viewed, and stolen your personal information. Given this reality, it is crucial that you remain vigilant by taking the following steps to protect yourself:
Luttrell Staffing Group is a staffing agency based in Kingsport, Tennessee, providing a variety of services to companies in Tennessee, Virginia, Georgia, Kentucky, Illinois, and California. While Luttrell Staffing Group is the business name used in all marketing and public communication, the legal name of the organization is Professional Personnel Services. The company specializes in recruiting qualified applications for administrative and light industrial job openings on behalf of businesses of all sizes. Currently, Professional Personnel Services generates more than $140 million in annual revenue, and was recently named as one of the largest U.S. staffing firms.
According to Luttrell Staffing Group, on June 14, 2021, the company became aware that certain files had been encrypted with malware by an unidentified party. In response, the company began an internal investigation to determine the scope of the incident, as well as whether any consumer information was compromised as a result. On December 27, 2021, Luttrell Staffing Group confirmed that an unauthorized party gained access to files containing names and Social Security between the dates of June 10, 2021 and June 23, 2021.
According to one source, as many as 42,886 employees, former employees and associates were impacted by this data security event. While the company was unable to confirm which files the unauthorized party actually accessed, and whether any data was removed from its servers, affected individuals should keep a lookout for signs of identity theft and fraud by closely monitoring their online accounts and credit reports.
Below is a copy of the initial data breach letter issued by Luttrell Staffing Group (the actual notice sent to consumers can be found here):
Professional Personnel Service, Inc., and its affiliated companies, d/b/a Luttrell Staffing Group (“Luttrell Staffing”) is writing to inform you of an event that may impact some of your information. While there is no evidence of any attempted or actual misuse of your information, we are providing you with information about this event, our response, and the steps you may take to further protect your information against identity theft and fraud, should you feel it necessary to do so.
What Happened? On June 14, 2021, Luttrell Staffing became aware that certain files on its computer system were encrypted with malware by an unknown actor. Luttrell Staffing promptly took steps to secure the impacted systems and its network and launched an investigation to determine the nature and scope of the event. The investigation determined that an unauthorized actor gained access to certain Luttrell Staffing systems between June 10, 2021 and June 23, 2021. As a result, the unauthorized actor may have had access to certain files within these systems and certain current and former employee and associate information may have been accessed or acquired by the unauthorized actor.
What Information Was Involved? Although the investigation was able to determine that certain Luttrell Staffing systems were accessed, it was unable to confirm what specific information was actually accessed. Therefore, Luttrell Staffing began a comprehensive review of the impacted files out of an abundance of caution to determine what information was present at the time of the incident. We are notifying you now because on or about December 27, 2021, this review determined that certain information related to you may have been impacted. This information includes your <<b2b_ text_2(name, data elements)>>.
What We Are Doing. The privacy and security of your information is among our highest priorities and we take this incident very seriously. Luttrell Staffing is reviewing its security policies and procedures, as well as working with cybersecurity specialists to reduce the risk of this happening in the future and implemented additional measures and security tools to further protect information in our systems. Luttrell Staffing is also working to provide additional training to employees regarding data privacy and security.
While we do not have any indications that fraud or identity theft has occurred as a result of this incident, we are offering twelve (12) months of complementary identity monitoring through Kroll as an added precaution. We also reported this incident to federal law enforcement and are notifying state regulators, as required.