Posted On February 27, 2023 Consumer Privacy & Data Breaches
February 27, 2023 – Alvaria, Inc. filed a notice of a data breach with the Massachusetts Attorney General on February 22, 2023 after learning of a ransomware attack by Hive on its computer network. According to the filing, an unauthorized party gained access to sensitive information like full names, passport numbers, Social Security numbers, health insurance information, financial account information, and tax-related information. Once confirmed that there was a data leak, Alvaria sent data breach notification letters to all individuals affected by the security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Alvaria, Inc. data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Alvaria.
Alvaria, Inc. is a business software organization that produces software that can track customer experiences and workforce engagement. It is the result of a merger between Noble Systems and Aspect Software. Based in Westford, Massachusetts, Alvaria employs over 2,000 people and generates approximately $423 million in revenue annually.
According to its filing with the Attorney General of Massachusetts, Alvaria detected suspicious activity on the company computer network on November 28, 2022. According to the filing, Alvaria was the victim of a ransomware attack by a group called Hive. Alvaria informed law enforcement, and while an investigation was being conducted by the FBI, Hive Ransomware released confidential information onto the dark web. The information did not belong to employees or consumers. Alvaria launched its own investigation into the leak to ascertain exactly what information had been leaked.
After learning that the consumer data was exposed to a third party, Alvaria’s next step was reviewing the files and determining what information had been made available. The types of information exposed were sensitive information like full names, passport numbers, Social Security numbers, health insurance information, financial account information, and tax-related information. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On February 22, 2023, Alvaria sent data breach notification letters to all affected individuals impacted by the ransomware attack.
A ransomware attack is a cyberattack that involves hackers installing malicious software on a company’s computer network. This software is called malware and encrypts the data and restricts the company from accessing its own network. Encryption is when files are encoded and prevents anyone who doesn’t have the means to decrypt them from accessing them.
The “ransom” part comes into it when the hackers leave a message for the company to pay a fee to release the files. If the fee is paid, the files will be decrypted, and the attack will end.
Lately, however, hackers have gotten more malicious with their threats. If a company has backups of its files, much of the incentive to pay the ransom is gone. So, hackers have begun to implement a technique called “double extortion.” They encrypt the files and threaten to release them onto the dark web, where anyone can use the information to commit fraud and identity theft if the company refuses to pay.
Ransomware attacks are preventable if data security systems are up-to-date and maintained well. Hackers take advantage of antiquated technology by seeking and exploiting vulnerabilities. If technology is up to date, companies can detect and prevent attacks before they happen.
The group that conducted the ransomware attack on Alvaria was called Hive Ransomware, a hacker group that has targeted multiple businesses in many countries. The U.S. Department of Justice announced through a notice on its website on January 26, 2023 that they were successful in disrupting and dismantling Hive’s network.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Alvaria, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to affected individuals:
We write to inform you about a data incident experienced by Alvaria, Inc. (“Alvaria” or “the Company”) that involved some of your personal information related to your employment with the Company. We are providing you with information about the incident and steps you can take to protect yourself, should you feel it necessary to do so.
What Happened? On November 28, 2022, the Hive Ransomware group executed a ransomware attack on a limited portion of our internal Corporate network. We immediately investigated the incident, took steps to contain the attack, remediated our systems, and notified the Federal Bureau of Investigation. While Alvaria was still investigating the potential exfiltration of any data, on December 21, 2022, we learned that the criminal actors released corporate records on their Dark Web site. We confirmed that the data released on the Dark Web site did not include your personal data. With the assistance of a third-party forensics company, we learned that the criminals had access to certain folders on corporate servers that contained employment-related files. Our forensics investigation could not conclusively determine whether these specific employment-related files were accessed or acquired. Additionally, on January 26, 2023, the U.S. Department of Justice announced a coordinated law enforcement operation that dismantled the Hive Ransomware network and seized their infrastructure. Law enforcement has not indicated whether these employment-related files had been acquired. Although we have no evidence of actual or attempted misuse of information contained within these employment-related files, we are providing you this notice.
What Information Was Involved? Based on our investigation, we have determined that the criminal actors may have had access to employment-related data, which may include your name, government-issued identification (e.g., social security number, passport number, etc.), financial account information, health insurance information, and/or tax-related information.
What We are Doing. Upon discovery of this incident, we secured our network, implemented measures to further improve the security of our systems, safely remediated our systems and operations, and initiated an investigation into the incident. We also are notifying you so that you may take further steps to protect your information, should you feel it appropriate to do so. In addition, as part of your employment, you already are provided with access to credit monitoring, dark web monitoring, and fraud remediation services through Allstate Identity Protection at no charge to you.
What You Can Do. Please review the enclosed “Steps You can take to Help Protect Your Information,” which describes your access to the Allstate Identity Protection service, and provides further details on how to protect yourself. We encourage you to remain vigilant against the potential for identity theft and fraud by monitoring your account statements and credit reports for any potentially suspicious activity.