Bridgestone Americas, Inc. Releases Additional Details About February 2022 Ransomware Attack

Console and Associates, P.C.
Contact

On August 31, 2022, Bridgestone Americas, Inc. reported a data breach with the Attorney General of Massachusetts after the company was targeted in a ransomware attack. According to Bridgestone, the breach resulted in the names, Social Security numbers and bank account information of certain individuals being compromised. After confirming the breach and identifying all affected parties, Bridgestone Americas began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Bridgestone Americas data breach, please see our recent piece on the topic here.

What We Know About the Bridgestone Americas Data Breach

The information about the Bridgestone Americas, Inc. data breach comes from the company’s official filing with the Attorney General of Massachusetts. According to this source, on February 27, 2022, Bridgestone was the target of a cyberattack resulting in portions of the company’s computer system being inaccessible.

In response to this discovery, Bridgestone secured its servers and began working with third-party cybersecurity specialists to investigate the incident. In fact, based on statements from a company representative, Bridgestone had to shut down a significant portion of its manufacturing facilities as a result of the attack.

Initially, Bridgestone believed that, while certain files were accessible to the unauthorized party, those files were limited to business records. However, a subsequent investigation confirmed that the hackers carrying out the attack also gained access to files containing sensitive consumer information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Bridgestone Americas began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security number and bank account information.

Since then, a well-known ransomware gang, LockBit 2.0, has taken credit for the attack and threatened to leak the stolen data on the dark web if the group’s demands were not met. Bridgestone has not confirmed whether it paid the ransom.

On August 31, 2022, Bridgestone Americas sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Bridgestone Americas, Inc.

Bridgestone Americas, Inc. is the U.S. division of Bridgestone Corporation, a Japanese-owned tire company. Bridgestone Corp. was founded in 1931 in Kurume, Fukuoka Prefecture, Japan, and manufactures and sells tires in more than 150 countries. In 1988, Bridgestone acquired American tire manufacturer Firestone Tire and Rubber Company. Bridgestone currently manufactures tires under the following brands, Bridgestone, Firestone, Primewell, and Fuzion. Bridgestone Americas employs more than 138,000 people and generates approximately $28 billion in annual revenue.

The Bridgestone Breach Is an Example of the New Ransomware Attacks

Ransomware attacks are one of the leading types of cyberattacks and have been so for a long time. Ransomware actors have always used these attacks to make money off of victims—both the companies they target and the consumers whose information they steal. However, traditionally, the main incentive for paying a ransom was to regain access to an encrypted device. It wasn’t until more recently that hackers started to threaten to publish stolen data on the dark web if a company does not comply with the hackers’ demands. This is exactly what appears to have happened in the Bridgestone breach.

Of course, the threat of publishing stolen consumer data provides a major incentive for companies to pay a ransom because a company doesn’t want to be blamed for identity theft and other frauds that can follow in the wake of these attacks. However, companies like Bridgestone are in the best position to prevent ransomware attacks by implementing a robust data security system. They are also in a position to ensure that hackers do not post consumer data on the dark web. At the same time, the FBI advises against paying a ransom because doing so emboldens the hackers.

Once a consumer’s information is posted on the dark web, it is accessible to anyone who takes the time to learn how to access the dark web. Certainly, most law-abiding citizens do not have the time or interest to download special software just to access stolen information. The reality is that criminals are constantly prowling the dark web for information they can use to commit identity theft and other frauds. Thus, those who were impacted by a ransomware attack such as the Bridgestone data breach should ensure they take all necessary precautions to protect their information.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide