On July 8, 2022, Southern Environmental, Inc. (“SEI”) reported that the company experienced a data breach earlier this year after an unauthorized party gained access to sensitive consumer data contained on the SEI network. According to the SEI, the breach resulted in names, Social Security numbers, and financial account information being compromised. There is not yet an estimate of the total number of affected people; however, Southern Environmental, Inc. explained that the breach affected current and former employees.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Southern Environmental data breach, please see our recent piece on the topic here.
What We Know About the Southern Environmental Data Breach
According to an official notice filed by the company, on April 16, 2022, Southern Environmental, Inc. detected suspicious activity on its computer network. In response, the company secured its network and began an investigation into the incident with the assistance of third-party cybersecurity specialists.
The SEI investigation confirmed that, as a result of the cyberattack, sensitive information belonging to current and former employees was accessible to the unauthorized party between March 24, 2022 and April 16, 2022.
After learning that sensitive employee data was compromised, Southern Environmental reviewed the affected files to determine exactly what information was involved in which employees were impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security number and financial account information, such as bank account numbers.
On July 8, 2022, Southern Environmental sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Southern Environmental, Inc.
Founded in 1973, Southern Environmental, Inc. specializes in the design and construction of air pollution control projects. Primarily, SEI serves the power generation, pulp and paper, cement, petrochemical, non-ferrous metal, fiberglass, iron and steel, and mining industries by designing, manufacturing and constructing air pollution solutions that allow its customers to comply with EPA regulations. SEI is based in Pensacola, Florida and maintains an engineering office in Westerville, Ohio. Southern Environmental employs more than 224 people and generates approximately $44 million in annual revenue.
How Do Hackers Carryout Cyberattacks?
Most data breaches involve a hacker or other bad actor accessing sensitive consumer information. However, there are a variety of tools hackers have at their disposal for carrying out these cyberattacks.
While Southern Environmental, Inc. provided limited details about the recent data security incident, the company did not elaborate on how the unauthorized party gained access to the company’s servers. There are a few different ways this could have occurred. Below are a few of the most common causes of data breaches.
An Employee Responds To a Phishing Email
Phishing attacks rely on principles of social engineering to get an employee to provide information to the hacker directly or download malicious software that allows the hacker to access the victim’s computer. Phishing attacks start with the hacker sending a legitimate-looking email asking for the recipient to either verify their identity or click on a link. Email phishing is an increasingly common way for hackers to obtain sensitive consumer information. In fact, according to the Identity Theft Resource Center, email phishing attacks are the most commonly used type of cyberattack, representing over a third of all attacks in 2021.
A Company Employee Doesn’t Follow the Correct Procedures
Many data breaches are the result of an employee’s error. Often, this is the result of an employee failing to follow the rules that the company established for handling consumer data. For example, an employee may fail to encrypt files containing sensitive information or send information to an unsecured email address. Hackers can intercept these communications. Once this data gets into the hands of a cybercriminal, they can then use it to access the victim’s other accounts or make unauthorized transactions in the victim’s name.
A Company Fails to Implement an Up-To-Date Data Security System
Data security systems are the first line of defense against cyberattacks. Data security systems not only prevent many breaches, but they can also more quickly detect cyberattacks, which may limit a hacker’s ability to obtain consumer data. Companies that rely on inadequate or outdated systems are more likely to be successfully targeted by hackers.
While the end result of each of these different attacks is the same, they are carried out in different ways. Businesses have a legal duty to protect the consumer data in their possession and must continually review their data security and privacy practices to ensure they live up to their responsibilities. Those organizations that fail to take their obligations seriously may be held liable through a data breach class action lawsuit.
