Data Breach Alert: Bridgestone Americas, Inc.

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, Bridgestone Americas, Inc. (“Bridgestone”) was the target of a ransomware attack that may have compromised the sensitive information of an unknown number of consumers or employees.

If you received a data breach notification, it is essential you understand what is at risk. More about our investigation into this breach, and what you can do if your data was stolen, is available here.

Last year, 1,862 data breaches affected more than 189 million people. On average, victims of identity theft spend 200 hours and over $1,300 recovering their identity. Many victims also suffer emotional distress, credit damage, and some have even ended up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach. If Bridgestone notifies you that your data has been exfiltrated by a ransomware gang and evidence emerges that Bridgestone failed to adequately protect your sensitive information, you may be eligible for financial compensation through a data breach lawsuit.

What We Know So Far About the Bridgestone Data Breach

According to a statement released by the company, on February 28, 2022, Bridgestone first became aware of an IT incident impacting some of its computer systems. In response, Bridgestone retained the assistance of external cybersecurity advisors to look into the situation. It was quickly determined that the IT incident involved a ransomware attack.

Initially, it was unclear who carried out the attack. However, BleepingComputer.com reports that, on March 11, 2022, the LockBit ransomware gang claimed responsibility, naming Bridgestone Americas, Inc. among its list of victims. LockBit ransomware gang has threatened to post the obtained data online, presumably if Bridgestone doesn’t meet the ransom demand.

Given the recency of the ransomware attack, it has not yet been determined what, if any, consumer information was compromised as a result of the incident.

Bridgestone Americas, Inc. is the U.S. division of Bridgestone Corporation, a Japanese-owned tire company. Bridgestone Corp. was founded in 1931 in Kurume, Fukuoka Prefecture in Japan. The company manufactures and sells tires in more than 150 countries and employs over 138,000 people. In 1988, Bridgestone acquired American tire manufacturer Firestone Tire and Rubber Company. Bridgestone currently manufactures tires under the following brands, Bridgestone, Firestone, Primewell, and Fuzion.

More About the Causes and Risks of Data Breaches

Often, data breaches are the result of a hacker gaining unauthorized access to a company’s computer systems with the intention of obtaining sensitive consumer information. This may be done through covert hacking or, as appears to be the case here, through a ransomware attack. While no one can know the reason why the LockBit ransomware gang targeted Bridgestone, it is common for hackers and other criminals to identify those companies believed to have weak data security systems or vulnerabilities in their networks.

While the fact that your information was compromised in a data breach does not necessarily mean it will be used for criminal purposes, being the victim of a data breach puts your sensitive data in the hands of an unauthorized person. As a result, you are at an increased risk of identity theft and other frauds, and criminal use of your information is a possibility that should not be ignored.

Given this reality, individuals who could possibly receive a Bridgestone data breach notification should take the situation seriously and remain vigilant in checking for any signs of unauthorized activity. Businesses like Bridgestone are responsible for protecting the consumer data in their possession.

What Are Consumers’ Remedies in the Wake of the Bridgestone Ransomware Attack?

Notably, Bridgestone has not yet confirmed whether any consumer data was compromised as a result of the recent ransomware attack. However, it appears as though the LockBit ransomware gang may have been able to obtain certain information from the company’s servers.

Of course, given the recency of the Bridgestone data breach, the investigation into the incident is still in its early stages. And, as of right now, there is not yet any evidence suggesting Bridgestone is legally responsible for the breach. However, that could change as additional information about the breach and its causes is revealed.

What Should You Do if You Receive a Bridgestone Data Breach Notification?

If Bridgestone determines that consumer information was compromised in the ransomware attack, it will likely send data breach notifications to affected parties. If you receive a data breach notification letter from Bridgestone at some point in the future, you should take the following steps:

  1. Identify What Information Was Compromised: The first thing to do after learning of a data breach is to carefully review the data breach letter sent. The letter will tell you what information of yours was accessible to the unauthorized party. Be sure to make a copy of the letter and keep it for your records. If you have trouble understanding the letter or what steps you can take to protect yourself, a data breach lawyer can help.

  2. Limit Future Access to Your Accounts: Once you determine what information of yours was affected by the breach, the safest play is to assume that the hacker orchestrating the attack stole your data. While this may not be the case, it’s better to be safe than sorry. To prevent future access to your accounts, you should change all passwords and security questions for any online account. This includes online banking accounts, credit card accounts, online shopping accounts, and any other account containing your personal information. You should also consider changing your social media account passwords and setting up multi-factor authentication where it is available.

  3. Protect Your Credit and Your Financial Accounts: After a data breach, companies often provide affected parties with free credit monitoring services. Signing up for the free credit monitoring offers some significant protections and doesn’t impact any of your rights to pursue a data breach lawsuit against the company if it turns out they were legally responsible for the breach. You should contact a credit bureau to request a copy of your credit report—even if you do not notice any signs of fraud or unauthorized activity. Adding a fraud alert to your account will provide you with additional protection.

  4. Consider Implementing a Credit Freeze: A credit freeze prevents anyone from accessing your credit report. Credit freezes are free and stay in effect until you remove them. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit. While placing a credit freeze on your accounts may seem like overkill, given the risks involved, it’s justified. According to the Identity Theft Resource Center (“ITRC”), placing a credit freeze on your account is the “single most effective way to prevent a new credit/financial account from being opened.” However, just 3% of data breach victims place a freeze on their accounts.

  5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach requires an ongoing effort on your part. You should regularly check your credit report and all financial account statements, looking for any signs of unauthorized activity or fraud. You should also call your banks and credit card companies to report the fact that your information was compromised in a data breach.

Below is a statement made by Bridgestone Americas, Inc. regarding the recent ransomware attack, as reported by BleepingComputer.com:

On February 27, 2022, Bridgestone Americas detected an IT security incident. Since then, we have proactively notified federal law enforcement and are staying in communication with them. We are also working around the clock with external security advisors, Accenture Security, to investigate and understand the full scope and nature of the incident. We have determined this incident to be the result of a ransomware attack. We have no evidence this was a targeted attack. Unfortunately, ransomware attacks similar to this one are increasing in sophistication and affecting thousands of organizations of all sizes.

As part of our investigation, we have learned that the threat actor has followed a pattern of behavior common to attacks of this type by removing information from a limited number of Bridgestone systems and threatening to make this information public.

We are committed to conducting a swift and decisive investigation to determine as quickly as possible what specific data was taken from our environment. Bridgestone treats the security of our teammates, customers, and partners’ information with the utmost importance. We will continue to communicate with them often, working together to mitigate potential harm from these types of incidents and to further enhance our cybersecurity measures as recommended by our internal and external security advisors.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide