Posted On December 5, 2022 Consumer Privacy & Data Breaches
On December 5, 2022, Macmillan filed notice of a data breach with the Attorney General of Texas after the company experienced what appears to have been a successful ransomware attack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, Social Security numbers, driver’s license numbers and financial account information. After confirming that consumer data was leaked, Macmillan began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Macmillan data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Macmillan.
The available information regarding the Macmillan Publishers breach comes from the company’s filing with the Texas Attorney General’s office. A Macmillan spokesperson also provided a statement to a preeminent data security news outlet, providing additional information about the incident. According to these sources, around June 25, 2022, Macmillan detected a potential cybersecurity threat after learning that some files on its network had been encrypted. In response, Macmillan took all affected servers offline and began investigating the incident and what, if any, consumer data was leaked as a result.
While there hasn’t been an official statement from Macmillan since shortly after the attack, it appears that the company completed its investigation and determined that at least some of the files hackers had access to contained confidential consumer information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Macmillan Publishers began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, driver’s license number and financial account information.
On December 5, 2022, Macmillan Publishers sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. While the exact number of people who were impacted by the Macmillan breach has not yet been determined, the Texas Attorney General reports that there were 1,193 victims in Texas alone.
Macmillan is a book publishing company based in New York, New York. The company operates in 70 countries, with imprints in the United States, Germany, the United Kingdom, Australia, South Africa, and India. Macmillan has eight divisions in the United States, including Celadon Books; Farrar, Straus and Giroux; Flatiron Books; Henry Holt and Company; Macmillan Audio; Macmillan Children’s Publishing Group; The St. Martin’s Publishing Group; and Tor Publishing Group Macmillan is a wholly owned subsidiary of the Holtzbrinck Publishing Group, based in Stuttgart, Germany. Macmillan Publishers employs more than 539 people and generates approximately $58 million in annual revenue.
A double-extortion attack is a type of ransomware attack where hackers not only lock a company out of its own computer system but also threaten to leak any stolen consumer information to the dark web if a company does not pay the demanded ransom.
Ransomware is a type of malicious software, or malware, that hackers use to block access to a company’s computer network. Typically, once ransomware is installed on a computer or network, it encrypts the data on the company’s computer network, preventing the organization from accessing all of its files. Encryption is a process that encodes files, making them inaccessible to anyone without the encryption key (which is usually a password). In fact, some companies have to shut down operations after a ransomware attack.
Once hackers have access to a company’s network, they essentially hold the information contained on the network hostage—demanding the company pay a ransom if it wants to regain access. Usually, hackers give a company a certain amount of time to pay the ransom. Sometimes, the hackers will extend the period of time if the company indicates it would like to negotiate.
However, when carrying out a ransomware attack, hackers also obtain access to the contents of the files from the company’s server. In a double-extortion attack, the hackers add to a company’s incentives by threatening to publish any stolen data on the dark web if it refuses to pay the ransom. To verify hackers’ claims that they have sensitive information from the company’s servers, hackers will often send the company a “proof pack,” which contains a sample of the stolen information.
Often, ransomware attacks start off with a phishing email. Phishing is a technique where the hackers send someone at the company an email, hoping to get them to provide the hacker with access to their company’s computer network. In the email, hackers either try to trick the employee into giving them information or clicking on a malicious link. In either case, hackers use this as a point of entry to orchestrate the attack. In this way, many ransomware attacks are preventable because companies can train employees to recognize phishing emails.
To deter ransomware attacks, companies can also invest in robust data security systems. Hackers have superior technical knowledge that allows them to exploit vulnerabilities in outdated or inadequate data security systems. By maintaining a cutting-edge security system, companies can prevent many of these attacks and may be able to recognize signs of an intrusion much earlier, limiting the impact of the attack.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Macmillan data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.