Posted On February 24, 2023 Consumer Privacy & Data Breaches
February 24, 2023 – After an incident that exposed sensitive consumer information in their possession, Rockler Companies, Inc. filed notice of a data breach with the Massachusetts and Maine Attorney General’s offices on February 17, 2023. According to the filings, an unauthorized party gained access to 8,604 consumers’ information, such as full names, driver’s license numbers, Social Security numbers, financial account numbers, as well as credit and debit card numbers. Once confirmed that there was a consumer data leak, Rockler sent notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Rockler data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Rockler Companies, Inc.
Rockler Companies, Inc. specializes in woodworking and hardware supplies. The company has products under the Rockler brand, including shelving, clamps, hinges, etc. The company also sells other brands. Established in 1954 and based in Burnsville, Minnesota, Rockler now employs over 507 people in locations across the United States, plus an online store. The company generates approximately $126 million in revenue annually.
According to the Maine and Massachusetts Attorney Generals, on May 13, 2022, Rockler Companies determined that it had been the target of a cyberattack when it realized that an outside party had accessed its computer systems.
On May 18, 2022, Rockler learned that consumer data was exposed to a third party, and its next step was to review the files and determine what information was made available. The types of information exposed were consumers’ full names, driver’s license numbers, Social Security numbers, financial account numbers, as well as credit and debit card numbers. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On February 17, 2023, Rockler Companies, Inc. sent letters informing all individuals whose sensitive information had been compromised of the data breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Rockler Companies, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to affected individuals:
I am writing you on behalf of Rockler Companies, Inc. to inform you of a recent incident that may impact the privacy of some of your personal information. Although we are not aware of any actual or attempted misuse of your information at this time, we know it is our responsibility to provide you with information about the event, our response, and steps you may take to better protect against the possibility of identity theft and fraud, should you feel it is necessary to do so. At Rockler, our values require us to ensure we respect the privacy of your information and prioritizes the confidentiality and security of the information within our care. We spared no effort to make sure that we did everything we could to fight off the cyber-attack we experienced quickly, and are now reaching out to provide you with information and tools help you minimize the risk of identity theft and fraud.
What Happened? On or about May 13, 2022, Rockler discovered suspicious activity within its computer environment. Our team acted fast, and we cut off access to the cyber attackers in less than 4 hours. With the assistance of forensic specialists, we immediately launched an investigation to determine the nature and scope of the activity. The investigation identified that an unauthorized actor may have had access to our environment between May 13, 2022 and May 16, 2022. On or about May 18, 2022, the investigation determined that that unauthorized actor had access to certain files and folders within our system which represents less than 1% of the data on our system.
Although we are unaware of any actual or attempted misuse of your or any other information at this time, we engaged specialists to complete a manual and programmatic review of the accessible files and folders to determine whether sensitive information was present. This lengthy review of the data review team required months to complete. On January 10, 2023, the review was completed and we determined that you had some sensitive information present in the potentially accessed files. Out of an abundance of caution, we are providing notice to all individuals who may have been impacted.
What Information Was Involved? Our investigation determined the following information relating to you was present in files stored on our systems during the period of unauthorized access: name, [Redacted]. Please note, we have no evidence of any actual or attempted misuse of personal information as a result of this security incident.
What We Are Doing. We take this incident and the security of personal information in our care very seriously. In response to the security incident, we promptly took steps to secure the environment, including rotating passwords, and conducting a diligent investigation aided by third-party forensic specialists, to confirm the full nature and scope of the event. Further, as part of our ongoing commitment to the privacy of information in our care, we implemented additional technical security measures designed to mitigate recurrence of this type of incident. We also have created a process of continuous improvement to review and enhance our existing data privacy policies and procedures on an ongoing basis.
As an added precaution, we are also providing you with access to [Redacted] months of complimentary identity monitoring and restoration services through Experian, along with guidance on how to better protect against the possibility of information misuse. We are covering the cost of these services, but due to privacy restrictions, you will need to complete the activation process yourself using the enrollment instructions below.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and explanations of benefits, as applicable, and by monitoring your free credit reports for suspicious activity and to detect errors. You can find out more about how to protect against the potential misuse of information in the enclosed Steps You Can Take to Protect Personal Information. There, you will also find more information about the identity monitoring services we are offering and how to enroll.
For More Information. We understand that you may have questions about this incident that are not addressed in this letter. As a result, we have partnered with Epiq who specializes in handling this type of incident and can help you with any additional questions you have. Please call 877-516-6134, 9:00 AM – 9:00 PM Monday through Friday, excluding U.S. holidays. You may also write to us at: 4365 Willow Dr., Medina MN, 55340.
In our world, cyber threats have become a bigger and bigger risk to the security of everyone’s personal information. At Rockler, we are committed to continue to enhance our security systems to help protect your information.