Posted On February 15, 2023 Consumer Privacy & Data Breaches
February 15, 2023 – Teijin Automotive Technologies notified the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR”) of a data breach on February 2, 2023 after discovering that a ransomware attack had resulted in the unauthorized access of confidential information belonging to certain of its employees. According to the filing, this data included names, Social Security numbers, dates of birth, addresses, insurance policy information, and banking information. Teijin sent data breach notification letters to the 25,464 employees affected by the incident.
The data breach lawyers at Console & Associates, P.C. are currently looking into the data breach at Teijin Automotive Technologies. If you have been notified of the breach and are curious about your options to protect yourself and if you are able to receive financial compensation from the company, we are offering no-cost consultations to talk about your lawful options.
Teijin Automotive Technologies is based in Auburn Hills, Michigan, and is a manufacturing company that creates lightweight composites that are used in heavy truck, marine, recreation, and automotive vehicle applications. It is a subsidiary of Teijin Limited, which is based in Japan. Teijin Limited has over 20,000 employees and generates about $7 billion in revenue yearly.
The details of the Teijin Automotive Technologies breach were obtained from the company’s filing with the HHS-OCR and an announcement posted on the company’s website. On December 1, 2023, Teijin identified they had become the target of a ransomware attack that affected a section of the company’s computer system. Consequently, Teijin alerted law enforcement and initiated working with IT and forensic specialists to look into the situation.
The investigation revealed that a suspicious email had been sent to an employee of the company. That email contained malicious software that allowed the hackers to gain access to the company’s computer network. Teijin contained the incident by December 5, 2022, but confidential information had already been compromised.
After learning that the consumer data was exposed to a third party, Teijin Automotive Technologies’ next step was reviewing the files and determining what information had been made available. The types of information exposed were consumers’ names, Social Security numbers, dates of birth, addresses, insurance policy information, and banking information. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On February 2, 2023, Teijin Automotive Technologies sent data breach notification letters to all individuals impacted by the data security incident.
Many people are familiar with ransomware attacks; however, the specifics of the attack and the damage it causes are not as widely understood. Every year, millions of people are affected by ransomware attacks, which are a form of cyberattack.
Cybercriminals employ ransomware, a form of malware, or malicious software, to infiltrate an organization’s computer system and prevent them from entering it. They use encryption to block their access and make their files unreadable to anybody without a code to decode the data. Hackers will then keep the data hostage and ask for payment in exchange for restoring access to the network, hence the term “ransomware.” In some cases, businesses cannot carry on without their computer network and must be shut down. In other cases, they are prepared to negotiate.
Hackers have not only blocked the company from accessing its own data but have also begun to threaten to make the information public on the dark web unless the company pays them. This is referred to as a double-extortion attack, and hackers typically send a sample of the stolen information, called a “proof pack,” to the company as evidence of their possession of the data.
Ransomware attacks can begin in various manners. Usually, these attacks begin with a phishing email. Phishing means when hackers send somebody who works for the organization a false email pretending to be legitimate. The reason for this is to get the employee to give data or click on a suspicious link to access the organization’s computer system. These ransomware attacks can be prevented if organizations train their employees to detect and report phishing emails.
Data security systems can also be used to deter ransomware attacks. By ensuring their security systems are up-to-date, companies can prevent hackers from finding and taking advantage of the vulnerabilities of outdated security systems. The technology would also allow them to detect and prevent attacks before they happen, limiting the damage caused by them.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Teijin Automotive Technologies data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the notice posted on their website:
On December 1, 2022, Teijin Automotive Technologies experienced a ransomware attack that impacted some corporate IT systems. IT teams were immediately deployed to address the situation, and law enforcement, including the FBI, was notified immediately to assist with the investigation.
What happened?
On November 30, a Teijin Automotive Technologies employee unknowingly clicked on a link in a phishing email. Clicking this link enabled the threat actors to access the company’s servers. This data breach was discovered on December 1, 2022.
What did Teijin Automotive Technologies do?
Teijin Automotive Technologies takes the privacy and confidentiality of employee information seriously. To stop the unauthorized access, the company worked closely with a team of IT and forensic experts around the clock to restore systems and to ensure that data was securely protected. The incident was contained by December 5.
Teijin Automotive Technologies reported this incident to the FBI. Working in tandem with IT and forensic teams, the company conducted a thorough investigation to determine precisely what occurred and the nature of the information involved. The servers accessed by the threat actors contained data pertaining to Teijin Automotive Technologies’ current and former employees’ participation in the company’s Group Health Plan, which may have included full names and one or more of the following: address, date of birth, full Social Security number, health insurance policy information (including subscriber number or designated insurer) and in a limited number of cases, banking information.
Teijin Automotive Technologies does not believe any medical information was maintained on the affected servers. Out of an abundance of caution, and because of the type of information that may have been involved, the company will be offering credit monitoring at no cost to those affected.
“The security and confidentiality of personal employee information and the business information of our customers is critical to Teijin Automotive Technologies,” said CEO Chris Twining. “We are sorry this incident occurred and apologize to our employees, customers and affected individuals. We have taken additional steps to strengthen the security of our data, including enhancing our security procedures, investing in new technology, and requiring additional training for our employees.”
What should you do?
Teijin Automotive will be notifying all affected individuals by mail and offer credit monitoring at no charge. This process will begin on February 3, 2023, and will continue until all affected individuals are notified. If you believe you are affected by this incident and did not receive a notification letter by May 3, 2023, please call Experian at (855) 797-1895 (US only) or (800) 228-8110 (international), Monday through Friday 9 a.m. – 11 p.m. EST, Saturday and Sunday 10 a.m. – 7 p.m. CST (excluding major U.S. holidays). Please provide this engagement number to the Experian operator: B084884.
If you receive notice that your protected health information or financial information was impacted, it is recommended you remain vigilant and consider taking one or more of the following steps to protect your personal information:
Contact one of the three credit reporting agencies listed below to request a “fraud alert.” You only need to call one agency—they are required to notify the other two.
Equifax: P.O. Box 740241, Atlanta, GA 30374-0241, 1-800-685-1111, www.equifax.com
Experian: P.O. Box 9532, Allen, TX 75013, 1-888-397-3742, www.experian.com
TransUnion: P.O. Box 1000, Chester, PA 19022, 1-800-888-4213, www.transunion.com
You can also request a “credit freeze,” but you must call each agency to place a credit freeze on your account. A credit freeze will lock your credit account until you give permission to unlock it. It is important to note that there is no cost for either service, and neither a fraud alert nor a credit freeze will impact your credit history or credit score.
Remove your name from mailing lists of pre-approved offers of credit for approximately six months.
Receive a free copy of your credit report by calling 1-877-322-8228 or going to www.annualcreditreport.com.
Pay close attention to all bills and credit-card charges you receive for items you did not contract for or purchase.
Review all of your bank account and explanation of benefit statements frequently for checks, purchases, charges, or deductions not made by you.
If you suspect or know that you are the victim of identity theft, you should contact local police and you also can report this to the Fraud Department of the FTC online at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
