Posted On November 6, 2022 Consumer Privacy & Data Breaches
On November 1, 2022, Morrison Products, Inc. filed notice of a data breach with the Montana and Texas Attorneys General after learning that an unauthorized party hacked into the company’s computer system and accessed sensitive information pertaining to certain employees. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to employees’ names, addresses, and Social Security numbers. After confirming that consumer data was leaked, Morrison Products began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Morrison Products data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Morrison Products, Inc.
The available information regarding the Morrison Products breach comes from the company’s filings with the Attorneys General of Texas and Montana. According to these sources, on February 25, 2021, the Morrison Products IT department detected unusual activity within the company’s computer system. In response, the company secured its network and launched an investigation into the incident with the help of third-party data security professionals.
On February 10, 2022, Morrison Products’ investigation confirmed that an unauthorized party had gained access to the company’s computer system, including files containing sensitive information about certain employees.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Morrison Products began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address and Social Security number.
On November 1, 2022, Morrison Products sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1923, Morrison Products, Inc. is a building supply manufacturer based in Cleveland, Ohio. The company creates a range of stamped metal products, automotive parts, blower wheels, and air-moving equipment. Morrison Products has facilities in Ohio, Indiana, Georgia, Texas, and Apodaca, Juarez and Santa Catarina, Mexico. In 2018, the company acquired Lau Industries, its first and only acquisition. Morrison Products employs more than 460 people and generates approximately $127 million in annual revenue.
Social Security numbers have become the “unofficial national identifier” of the United States. Almost everyone has a Social Security Number, and the government and companies use these numbers to track our income and verify our identity. Thus, a leaked Social Security number is very concerning because it gives criminals almost everything they need to conduct identity theft.
Hackers and cybercriminals are constantly coming up with new ways to obtain consumers’ Social Security numbers because hackers can easily use SSNs to steal victims’ identities. But how do criminals profit off of stolen Social Security numbers?
Most people assume that a few unauthorized transactions are the extent of the damage a hacker can cause with your SSN in hand; however, that is not necessarily the case. Criminals have a few different ways to make money off of stolen Social Security numbers.
The most common harm associated with a data breach is that a criminal uses your information to open up a new credit card account or loan. This is fairly easy to do online, and criminals usually don’t need any additional information other than what they obtained through the data breach. For example, to open up a credit card or loan, a hacker only needs your name, date of birth, address and Social Security number. If a criminal is missing one or more of these, obtaining the missing information is usually easy enough; for example, they may have access to your other information through a previous data breach, a database of compromised information, or by conducting an online search using the stolen information they already have.
Tax refund fraud is when a criminal files an IRS tax return in your name before you can file your actual return. The goal of tax refund fraud is to obtain your tax refund. Unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return because, in the IRS’s eyes, it has already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.
Opening up new cell phone and utility accounts are common methods hackers use to profit off of stolen information. In fact, the Federal Trade Commission reports that 13 percent of all fraud incidents in 2016 involved the creation of new phone and utility accounts. To open up a utility account, a hacker just needs your name, address and your Social Security number, all of which are available through most data breaches.
Hackers can also take your stolen SSN and apply for public benefits, such as disability benefits or Social Security benefits, in your name. They have also been known to reroute benefits that victims are currently receiving to their own accounts.
Those who have questions about their rights after a data breach and what they can do to hold a company responsible for leaking their information should reach out to an experienced data breach lawyer for assistance.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Morrison Products data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Morrison Products, Inc. (the actual notice sent to consumers can be found here):
Dear [Redacted],
Morrison Products takes the privacy and security of your information very seriously. Thus, we are informing you of a data security incident that may have involved your personal information. This notice explains the incident, provides you with steps you can take to protect your information, and offers you complimentary credit monitoring and identity protection services.
What happened? On February 25, 2022, our IT team detected unusual activity in our systems. In response, we immediately shut down some systems and began an investigation with the help of third-party cybersecurity experts and incident response professionals. After a thorough investigation, it was determined that on or about February 10, 2022, an outside party gained access to our computer systems, including potentially those that store information relating to your employment with us. Because we take this incident seriously, Morrison diligently worked to assess what information of yours was stored on our systems. However, despite this thorough review, the investigation team was unable to determine whether your specific information was accessed or taken. Out of an abundance of caution, we are notifying you to provide you with steps you can take to protect your information.
What Information Was Involved? The information that was stored in our system varied but potentially could have included things such as your name, [Redacted].
What We Are Doing: In addition to the steps described above, we are working with cybersecurity experts to enhance the security of our digital environment and prevent a similar incident from occurring in the future. We also notified the Federal Bureau of Investigation and will provide whatever assistance is necessary to hold the perpetrators accountable. Additionally, we are offering you complimentary identity theft protection services through IDX. These services include: [Redacted] of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services.
What You Can Do: We encourage you to contact IDX with any questions and to enroll in the free identity protection services by calling 1-833-909-4421 or going to [Redacted] and using the Enrollment Code above. IDX representatives are available Monday through Friday from 9 am – 9 pm Eastern Time. Please note the enrollment deadline is February 1, 2023. Again, at this time, there is no evidence that your information has been misused.
For More Information: Please call 1-833-909-4421 or go to [Redacted] for help or for any questions you may have. You will need to reference the enrollment code at the top of this letter when calling or enrolling online, so please do not discard this letter.
