Posted On September 20, 2022 Consumer Privacy & Data Breaches
On September 2, 2022, Reiter Affiliated Companies, LLC (“Reiter”) reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company detected unauthorized activity on its computer network. Based on the company’s filing with the Health and Human Services Office for Civil Rights, the incident resulted in consumers’ names, Social Security numbers and dates of birth being compromised. After confirming that consumer data was leaked, Reiter began sending out data breach notification letters to all individuals who were impacted by the recent data security incident. The company estimates that the recent data security incident impacted 93,000 people who entrusted Reiter Affiliated Companies and Reiter Affiliated Health and Welfare Plan with their information.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Reiter data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Reiter Affiliated Companies, LLC.
News of the Reiter data breach comes from the data breach portal maintained by the U.S. Department of Health and Human Services Office for Civil Rights, as well as a notice posted on the company’s website. According to these sources, on July 4, 2022, Reiter learned that it was the victim of a cyberattack when some of the company’s computer systems became inaccessible. In response, Reiter shut down access to and secured its computer network, notified law enforcement, and then engaged the assistance of a cybersecurity firm to investigate the incident.
The company’s investigation confirmed that one or more unauthorized parties gained access to the Reiter computer network between June 25, 2022 and July 4, 2022. The investigation also revealed that the unauthorized party stole files that contained sensitive consumer information.
After the investigation was complete, Reiter Affiliated Companies then reviewed the affected files to determine what information was compromised and who was impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security number and date of birth.
On September 2, 2022, Reiter Affiliated Companies sent out data breach letters to all individuals whose information was compromised as a result of the breach.
Founded in 1868, Reiter Affiliated Companies, LLC is an agriculture company based in Oxnard, California. Reiter is the largest fresh, multi-berry grower in the world and provides more strawberries, raspberries, blueberries and blackberries than any other company in North America. The company maintains growing operations in California, Oregon, Florida, Mexico, Portugal and Morocco. Reiter Affiliated Companies employs more than 1,125 people and generates approximately $733 million in annual revenue.
In Reiter’s Notice of Security incident, the company notes that it “detected unauthorized activity on our company network that made certain systems unavailable.” While the company did not mention the type of cyberattack that resulted in the leaked consumer information, based on the company’s explanation, it is consistent with a ransomware attack.
A ransomware attack occurs when a hacker installs malicious software on a victim’s device or computer network or otherwise obtains access to a company’s IT system. Often, this is done in conjunction with an email phishing attack or by placing malicious code on the back end of an organization’s website. The malware encrypts the data on the victim’s device, preventing them from logging in. When the victim tries to log back into their computer, they see a message from the hackers demanding the company pay a ransom if it wants to regain access to its network.
Additionally, more recently, some hackers have started to threaten to post stolen data on the dark web if the ransom is not paid. This understandably adds to a company’s incentive to pay the ransom because no company wants to be responsible for their customers’ information being published on the dark web.
While Reiter has yet to confirm whether the company was the target of a ransomware attack, the company’s explanation of the events leading up to the breach would seem to suggest that is the case.
Given the frequency and risks of ransomware attacks, it is important for both consumers and businesses to understand what ransomware attacks are, how they can be prevented, and what can be done in their aftermath to reduce the worst consequences, including identity theft and other frauds. It is also essential for anyone who falls victim to a data breach to take the necessary steps to protect themselves.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Reiter data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Reiter Affiliated Companies, LLC (the actual notice sent to consumers can be found here):
Reiter Affiliated Companies, LLC (“RAC”) is committed to protecting the confidentiality and security of the information we maintain. We recently identified and addressed a security incident involving member information for the Reiter Affiliated Health and Welfare Plan and the Southern Pacific Farming, Inc. Health and Welfare Plan (each, a “Plan”).
On Monday, July 4, 2022, we detected unauthorized activity on our company network that made certain systems unavailable. From the moment we identified this activity, we shut down access to our network, activated our incident response plan, took steps to contain the activity, and launched an investigation. A cybersecurity firm that has assisted other companies in similar situations was engaged. We also notified law enforcement and are supporting their investigation.
The evidence showed that the unauthorized activity occurred between June 25, 2022, and July 4, 2022. During that time, an unauthorized person(s) obtained files stored on our network.
WHAT INFORMATION WAS INVOLVED?
We conducted a careful review of those files and identified Plan enrollment rosters containing Plan member names, Social Security numbers, and dates of birth.
WHAT REITER AFFILIATED COMPANIES IS DOING?
We are mailing letters to the individuals involved and arranged for all eligible individuals to receive access to credit and identity monitoring products through Equifax. To prevent something like this from happening again, we have taken steps to enhance our existing security measures.
WHAT CAN YOU DO?
RAC has arranged for all eligible individuals to receive access to credit and identity monitoring products through Equifax. We encourage individuals to activate the credit and identity monitoring products being offered. To enroll, or if you believe your information was involved in this incident and you have not received a letter by October 2, 2022, please call 855-965-4838, Monday through Friday, between 6:00 AM and 6:00 PM PST, except holidays.