Legacy Supply Chain Services, Inc. Confirms Recent Data Breach Resulting in More Than 11k Compromised Social Security Numbers

Console and Associates, P.C.
Contact

On September 1, 2022, Legacy Supply Chain Services, Inc. confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on Legacy’s network. According to Legacy, the breach resulted in the names and Social Security numbers of 11,972 individuals being compromised. Recently, Legacy sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Legacy Supply Chain data breach, please see our recent piece on the topic here.

What We Know About the Legacy Supply Chain Data Breach

According to an official notice filed by the company with the Office of the Maine Attorney General, on around August 10, 2022, Legacy Supply Chain Services, Inc. discovered that an unauthorized party had gained access to a portion of the company’s IT network. In response, Legacy took the necessary steps to secure its systems and then launched an investigation into the incident.

The company’s investigation revealed that the period of unauthorized access began five days earlier than it was detected, on August 5, 2022.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Legacy Supply Chain then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.

On September 1, 2022, Legacy Supply Chain sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the company’s own estimates, the Legacy Supply Chain data breach affected the information of 11,972 individuals.

Founded in 1983, Legacy Supply Chain Services, Inc. is a third-party logistics provider based in Franklin, Indiana. In this role, the company assists its customers with warehousing & distribution services, fulfillment services, engineering & technology services and transportation services. The company operates 35 distribution, fulfillment and transportation locations throughout the United States and Canada, most of which are centered in the western and midwestern states. Legacy Supply Chain employs more than 1,400 people and generates approximately $457 million in annual revenue.

Is Legacy Supply Chain Financially Responsible for Data Breach Victims’ Harms?

As a general rule, all organizations have a legal duty to protect the sensitive information in their care. Thus, under United States data breach laws, companies that experience a preventable data breach may be liable for any financial losses a consumer experiences as a result of a data breach. However, just because a business experiences a hacking event and the information in its possession ends up in the hands of a bad actor doesn’t necessarily mean that the company is on the hook for victims’ losses. Ultimately, data breach lawsuits come down to whether the company that leaked the information was negligent in its actions leading up to the breach.

While every state’s laws vary slightly, the basic framework for a negligence analysis requires a data breach victim to prove the following:

  • The company owed them a duty of care;

  • The company violated the duty of care owed to the data breach victim;

  • The company’s negligent actions caused or contributed to the data breach; and

  • The data breach victim suffered legally recognizable harms as a result of the breach.

When it comes to storing consumer data, there are many ways that a company might be negligent. However, most data breaches involving a company’s negligence are the result of a company failing to employ an adequate data security system or failing to train employees on how to properly care for consumer data. For example, given the risks of email phishing attacks, all organizations should train employees to recognize fraudulent emails that appear to be legitimate. Similarly, organizations should frequently review their data security systems to ensure they are up-to-date and effectively protect against the most common types of cyberattacks.

Companies that fail to take their data security obligations seriously increase the chances of a data breach. Data breach victims who are interested in learning more about their rights and whether they may be able to bring a data breach class action lawsuit should reach out to a data breach attorney for assistance.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide