Posted On August 3, 2022 Consumer Privacy & Data Breaches
August 3, 2022 – On August 1, 2022, the Southwestern Family of Companies (“Southwestern”) reported a data breach after the company learned that an unauthorized actor had gained access to its computer network, including files containing sensitive consumer data. News of the Southwestern breach is still fresh, and the company has not yet publicly released the data types compromised as a result of the attack, information about the breach is limited. However, recently, Southwestern began sending out data breach notification letters to all individuals who were impacted by the recent data security incident, explaining what led up to the incident, the specific information that was leaked, and what individuals affected by the breach can do to protect themselves from identity theft and other frauds.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Southwestern data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Southwestern Family of Companies.
According to an official notice filed by the company, on November 17, 2021, Southwestern detected suspicious activity across its IT systems. In response, with the assistance of cybersecurity professionals, Southwestern launched an investigation to determine the nature and scope of the incident, as well as whether it resulted in any consumer data being exposed.
On March 1, 2022, the company’s investigation revealed that an unauthorized person gained access to a limited number of files on the Southwestern network.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Southwestern then reviewed the affected files to determine what information was compromised and which consumers were impacted. Southwestern completed this review on June 21, 2022. The company’s official filing does not mention the specific data types that were compromised. However, state data breach reporting laws require companies to report a breach anytime a consumer’s name and one or more of the following data types are leaked: Social Security numbers, driver’s license numbers, bank or credit card account numbers, or medical records. Thus, it is likely that the Southwestern breach involved one or more of these data types.
On August 1, 2022, Southwestern sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1855, the Southwestern Family of Companies is a holding company based in Nashville, Tennessee. Southwestern Family of Companies owns and operates several smaller businesses, including the following:
Southwestern employs more than 150 people and generates approximately $40 million in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Southwestern data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Southwestern Family of Companies (the actual notice sent to consumers can be found here):
The Southwestern Family of Companies (“Southwestern”) writes to inform you of an incident that may affect the security of some of your personal information. This notice provides information about the incident, our response, and resources available to you to help protect your information from possible misuse, should you feel it necessary to do so.
What Happened? On November 17, 2021, Southwestern discovered suspicious activity impacting the operability of certain systems. We quickly launched an investigation to determine the nature and scope of the activity, working with industry-leading computer forensics specialists to determine what happened and what information may have been affected. The investigation identified a limited number of files and folders as potentially accessed by an unknown actor. We completed a thorough review to determine whether sensitive information was present in the impacted files and folders. The initial review was completed on or about March 1, 2022. We then worked to validate the data mining results, confirm the identities of potentially affected individuals, and locate address information for individuals whose personal information was accessible within the files. This further analysis was completed on or about June 21, 2022.
What Information Was Involved? The investigation could not confirm whether information related to you was accessed or viewed during this incident. However, Southwestern is notifying you out of an abundance of caution because information related to you was identified in the files that were potentially accessed by an unknown actor. The information related to you that was potentially accessible includes your name [Redacted]. To date, Southwestern has not received any reports of actual or attempted misuse of your information.
What We Are Doing. We take this incident and the security of personal information in our care seriously. Upon learning of this incident, we moved quickly to investigate and respond to the incident, assess the security of relevant systems, and notify potentially affected individuals. Our response included resetting relevant account passwords, reviewing the contents of the impacted systems to determine whether they contained personal information, and reviewing internal systems to identify contact information for purposes of providing notice to potentially affected individuals. As part of our ongoing commitment to the security of information, we are also reviewing existing policies and procedures to reduce the likelihood of a similar future incident. Southwestern is notifying relevant state and federal regulators, if required.
As an added precaution, we are also offering you access to complimentary credit monitoring and identity protection services for [Redacted] months through Equifax. These services include fraud consultation and identity theft restoration services. If you wish to activate the credit monitoring and identity protection services, you may follow the instructions included in the Steps You Can Take to Help Protect Personal Information.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors. You may also review the information contained in the attached Steps You Can Take to Help Protect Personal Information. There, you will also find more information on the credit monitoring and identity protection services we are making available to you. Although Southwestern will cover the cost of these services, we are unable to enroll on your behalf, and you will need to complete the activation process.
For More Information. We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please call our call center at 855-601-2439, Monday through Friday, excluding holidays.
We sincerely regret any inconvenience or concern this incident may have caused.