Posted On February 21, 2023 Consumer Privacy & Data Breaches
February 21, 2023 – After a ransomware attack involving sensitive student information being encrypted, Tom James Company filed a notice of a data breach with the Montana Attorney General on February 17, 2023.
According to the filing, an unauthorized party encrypted and accessed confidential consumer information like names and Social Security numbers. Once it was confirmed that there was a data leak, Tom James sent out notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Tom James data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving financial compensation from Tom James Company.
Tom James Company manufactures custom clothes for men and women and does home fittings. The company sells under the Tom James name but also uses Holland & Sherry and Oxxford Clothes. Originally founded in 1966 in Franklin, Tennessee, Tom James now generates approximately $869 million in revenue yearly and employs over 320 people.
According to its filings with the Attorney Generals of Montana and Maine, Tom James was contacted by a hacker who claimed to have breached and stolen company files in August 2022. Tom James then ensured the security of its computer network and launched an investigation into the hacker’s claims to determine if any confidential information had been compromised.
Throughout the investigation, Tom James confirmed that an unauthorized party had gained access to consumers’ confidential information. The hacker accessed consumers’ names and Social Security numbers, though the information leaked varies by individual.
On February 17, 2023, Tom James sent data breach notification letters to all individuals whose sensitive information had been compromised. Per the Attorney General of Maine, the data breach had impacted 8,656 people.
If you receive a notice of a data breach from Tom James, it means your personal information was included in the data breach. Your personal information may have been accessed by hackers who will use the information to prompt Tom James to pay a ransom. Your information might even be released on the dark web for others to buy and use to commit any number of crimes, like identity theft and fraud.
Hackers target companies and employ sophisticated tactics to obtain information in their computer systems. However, if a company’s security is up to date, most attempts can be prevented. If there is evidence of negligence on the part of Tom James in handling consumer information, such as storing it incorrectly or keeping security systems updated, the company can be held liable for damages to the victims of the breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Tom James Company data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to affected individuals:
Dear [Redacted],
We value our relationship with you and respect the privacy of your information, which is why, as a precautionary measure, we are writing to notify you of a recent incident that may affect the privacy of some of your personal information.
As you may know, we experienced a ransomware incident in August 2022 which caused issues and interruption to our IT systems. In partnership with several specialist consultants, we have conducted an exhaustive and very detailed investigation into the complex causes, the process and nature of the incident itself, and resulting impacts.
We write to provide you with information about the event, our response and steps taken to mitigate the effects of this incident (including to prevent this happening again), and steps you can take to protect against the possibility of identity theft and fraud, should you feel it is appropriate to do so.
What Happened? In August 2022, we discovered suspicious activity associated with certain portions of our network that we later identified as a ransomware attack. Immediately in response, we took steps to secure our network and began an investigation to determine the nature and scope of the activity. In addition to the availability and productivity issues experienced during this event, our investigation revealed that an unauthorized actor claimed to have accessed and/or acquired certain files from our environment during this event. As a result of this claim, we immediately undertook a comprehensive review of the potentially-impacted data to identify the information that may have been accessed during this event and to whom it related for purposes of notification.
We thereafter worked to determine the residency of any potentially-impacted individuals as quickly as possible.
We recently concluded this review. We are notifying you now because your information was present in one of the specific files involved in our review, and therefore may have been accessed during this event.
What Information Was Involved? Our investigation determined that the information related to you that may have been affected includes your name and Social Security number. While we have no evidence that any of your information was used for identity theft or fraud, we are notifying you out of an abundance of caution and providing information and resources to assist you protecting your personal information, should you feel it appropriate to do so.
What We Are Doing. We take this incident and the obligation to safeguard the information in our care very seriously. After discovering suspicious activity, we promptly responded, taking steps to confirm our network security, and conducting a comprehensive investigation of the event to determine its nature, scope, and impact.
We also reported this event to federal law enforcement. Further, as part of our ongoing commitment to the privacy and security of personal information in our care, we are reviewing and enhancing our existing policies and procedures relating to data protection and security. We will also institute additional security measures, and time. The Terms and Conditions for this offer are located at [Redacted].
While identity restoration assistance is immediately available to you, we also encourage you to activate the fraud detection tools available through Experian IdentityWorks as a complimentary 12-month membership. This product provides you with superior identity detection and resolution of identity theft. To start monitoring your personal information, please follow the steps below:
Ensure that you enroll by May 31, 2023 (Your code will not work after this date.)
Visit the Experian IdentityWorks website to enroll: [Redacted]
Provide your activation code: [Redacted]
If you have questions about the product, need assistance with Identity Restoration that arose as a result of this incident, or would like an alternative to enrolling in Experian IdentityWorks online, please contact Experian’s customer care team by May 31, 2023. Be prepared to provide engagement number as proof of eligibility for the Identity Restoration services by Experian.
