Posted On October 12, 2022 Consumer Privacy & Data Breaches
On October 10, 2022, The Scoular Company filed notice of a data breach with the Montana Attorney General after an incident where an unauthorized party was able to gain access to sensitive consumer information stored on the company’s computer system. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, other government ID numbers, credit card numbers, financial account numbers, medical information, and health insurance information. After confirming that consumer data was leaked, Scoular began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Scoular data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from The Scoular Company.
The available information regarding the Scoular breach comes from the company’s filing with the Montana Attorney General’s Office. According to this source, in January 2022, Scoular was informed by a third party that an unauthorized party had accessed information stored on the company’s computer network. In response, Scoular shut down all unauthorized access, contacted law enforcement, and launched an investigation into the incident with the assistance of an outside cybersecurity firm.
The company’s investigation confirmed that an unauthorized person had gained access to the company’s network. The investigation also revealed that the files subject to unauthorized access contained confidential information pertaining to certain individuals.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Scoular began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, driver’s license number, passport number, other government ID number, credit card number, financial account number, medical information, and health insurance information
On October 10, 2022, Scoular sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1892, The Scoular Company is a logistics and supply chain management company based in Omaha, Nebraska. Scoular specializes in developing solutions related to the transport and storage of grain and other raw materials for clients in the following industries: farmers, grain producers, animal feed manufacturers, aquafeed manufacturers, pet food manufacturers, distilleries, food and beverage manufacturers and renewable energy producers. Scoular is a privately-owned company that employs more than 1,000 people and generates approximately $326 million in annual revenue.
More than 320 million people had their personal information leaked as a result of a data breach in 2020—an all-time high. These incidents are not only frustrating but can also end up costing you and your family thousands of dollars, not to mention countless hours spent trying to reverse the effects of identity theft. Given the frequency with which these breaches occur, it is essential that you know what to do in the event your information is leaked in a data breach.
Below is a list of things to do if you receive a data breach letter from Scoular or any other company. Keep in mind that while this list serves as a starting point, you may consider taking additional steps to protect yourself if the breach resulted in highly sensitive information being compromised, such as your Social Security number or bank account information.
When you receive a data breach letter in the mail, the first thing to do is read it carefully to determine what information was compromised. The data breach letter will not only tell you what information of yours was leaked but also how the breach occurred and what the company has done since then to prevent similar incidents from happening. If the company has already received reports of other victims experiencing identity theft, it may mention this in the letter as well.
Once a hacker obtains your information, they will typically try to use it to commit fraud or identity theft as quickly as possible to prevent you from having the chance to close your accounts. However, depending on the situation, it may take some time for criminals to obtain other information they need to steal your identity. Thus, it is imperative that you frequently check your online bank and credit card accounts, as well as your credit report. Don’t forget to check on all your accounts, even those that were not compromised in the breach.
Credit monitoring is a fee-based service that alerts you to suspicious activity regarding your credit profile. Credit monitoring typically costs between $20 and $40 per month. However, companies usually offer victims free credit monitoring for a period of time—usually between one to two years. Indeed, Scoular indicates that it will provide victims of the breach with 24 months of free credit monitoring. It is always a good idea to sign up for free credit monitoring, as it can help you determine if an unauthorized party is trying to access your credit. Further, signing up for free credit monitoring doesn’t impact your rights to bring a data breach lawsuit against the company that leaked your information if the company was negligent leading up to the breach.
All three major credit bureaus allow you to place a fraud alert or credit freeze on your credit accounts for free. A fraud alert notifies banks, credit card companies and other creditors that your information was recently exposed, putting them on notice that the person applying for credit in your name may be an imposter. A credit freeze offers additional protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Scoular data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by The Scoular Company (the actual notice sent to consumers can be found here):
We are writing to inform you that Scoular recently experienced a security event where confidential information was accessed by an external unauthorized party. Although we are unaware of any actual misuse of this information, we are providing notice to you about the incident. Please read this notice carefully, as it provides up-to-date information on what happened and what we are doing, as well as information on how you can obtain, at no cost to you, identity monitoring and restoration services.
On January 20, 2022, Scoular was alerted to activity indicating unauthorized access by a third party to information on our internal network. Upon detection, we took immediate steps to shut down further access to the impacted systems. We were able to contain the unauthorized access after following our internal processes. We reported the event to law enforcement and worked with external cybersecurity experts to investigate the event and determine what happened, what data was impacted, and to whom the data belonged. Through the investigation, we learned that the unauthorized third party was able to acquire a set of files with confidential data from our internal network.
What information was involved?
Scoular began a thorough process to determine if the files contained personal information, and if so, who was affected and the types of information that were affected. This analysis was time consuming. We completed this process on August 1, 2022 and determined that your personal information was accessed and/or acquired. The potential types of information accessed could include name, date of birth, Social Security number, driver’s license number, passport number, other government ID number, credit card number, financial account number, medical information, and health insurance information.
What we are doing:
Please see Attachment A for details regarding these complimentary identity monitoring and identity theft restoration services, as well as how to activate with your unique activation code.
You must enroll by [Redacted] to receive these services.
What you can do:
In addition to enrolling in the identity monitoring and restoration services being offered to you at no charge, we encourage you to take the following precautions:
It is always a good idea to remain vigilant against threats of identity theft or fraud and to regularly review and monitor your account statements and credit history for any signs of unauthorized transactions or activity.
If you ever suspect that you are the victim of identity theft or fraud, you can contact your local police. Additional information about how to protect your identity is contained in Attachment B.
For more information:
Scoular has established a dedicated call center to answer questions about the cybersecurity event as well as the Kroll services that we are offering to you. If you have any questions, please call the call center at (855) 544-2868 Monday through Friday from 7:00 a.m. to 7:00 p.m. ET.