Henry Company Data Breach Exposes Customers’ Social Security Numbers

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, Henry Company, a California-based construction supply company, announced a data breach exposing the names, driver’s license numbers, identification numbers, and Social Security numbers of certain individuals. On April 20, 2022, Henry Company sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from the risk of fraud or identity theft.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Henry data breach, please see our recent piece on the topic here.

More Information About the Data Breach at Henry Company

On April 20, 2022, Henry Company filed an official notice of a data breach stemming from what the company refers to as “unlawful ransomware activity.” While the details regarding what the cybercriminals demanded and whether Henry Company met their demands were not mentioned in the letter, Henry company confirmed that the attack took place between January 22 and January 29, 2022.

After discovering that the company was the target of a ransomware attack, Henry Company secured its network and then began working with a cybersecurity forensics firm to learn more about the incident as well as what, if any, consumer information was exposed as a result. Through this investigation, Henry Company learned that certain files containing sensitive consumer data were among those that were accessible to the hackers.

The affected files contained the names, Social Security numbers, driver’s license numbers, and/or identification numbers of certain individuals. On April 20, 2022, Henry Company began sending out data breach letters to anyone whose information was impacted by the breach.

Henry Company is a construction supply company specializing in Building Envelope Systems. A Building Envelop System refers to the parts of a building that keep the rain, moisture, wind and other elements out and keep in the conditioned environment of the building. Henry Company is based in El Segundo, California and is a subsidiary of the much larger construction supply company, Carlisle Companies. Henry Company employs more than 650 people and generates approximately $253 million in annual revenue.

What Are Ransomware Attacks and How Can They Be Prevented?

A ransomware attack is one of the leading tactics used by cybercriminals to obtain valuable consumer information. According to the Identity Theft Resource Center, the number of ransomware attacks against U.S. companies more than doubled between 2020 and 2021, from 158 to 321. This makes ransomware attacks the second-most common type of cyberattack, behind only email phishing attacks.

While there are several types of ransomware attacks, in general, the hacker installs malicious software on a device or network, which locks the user out. Then, when they try to get back into their system, a notice appears demanding they satisfy the hackers’ demands before being allowed to regain access. In most cases, hackers orchestrate ransomware attacks to force companies to pay a monetary ransom. Often, if a company does not comply with the hackers’ demands—and sometimes even if they do—the hackers will post sensitive information contained on the company’s network onto the Dark Web.

The Federal Bureau of Investigation recently posted guidance for companies on how to avoid a ransomware attack. According to the FBI, companies should keep the following in mind when conducting their day-to-day business:

  • Frequently back up all critical data;

  • When backing up data, ensure copies are uploaded to the cloud or downloaded to an external hard drive;

  • Secure back-ups to ensure data is not accessible from the system where the original data is kept;

  • Install and regularly update anti-virus or anti-malware software on all hosts;

  • Only use secure networks and avoid using public Wi-Fi networks;

  • Use two-factor authentication for user login credentials;

  • Use authenticator apps rather than email because cybercriminals may gain control of employee email accounts;

  • Do not click on unsolicited attachments or links in emails; and

  • Implement least privilege for file, directory, and network share permissions.

Of course, sometimes, companies make mistakes that can open the door to a ransomware attack. These mistakes can cost consumers dearly by compromising their personal data. Following a ransomware attack, consumers whose information was leaked may be able to hold the company liable through a data breach class action lawsuit.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide