Recently, Wilkins Recreational Vehicles, Inc. (“Wilkins RV”) confirmed that the company experienced a data breach after it was the target of a ransomware attack earlier this year. According to the Wilkins RV, the breach resulted in the names, driver’s license numbers, Social Security numbers and credit or debit card numbers of 17,408 customers being compromised. On June 8, 2022, Wilkins RV filed official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Wilkins Recreational Vehicles data breach, please see our recent piece on the topic here.
Additional Details About the Wilkins Recreational Vehicles Data Breach
According to filings to various government entities, on February 8, 2002, Wilkins RV became aware that the company was the target of a ransomware attack. Evidently, the unauthorized parties orchestrating the attack gained access to the Wilkins RV system a few days earlier, on February 2, 2022.
After discovering the attack, Wilkins RV took the necessary steps to secure its systems and then launched an investigation into the incident. This investigation revealed that the company was the victim of a Conti ransomware attack. Wilkins surmised that the threat actor gained access to the company’s systems through a phishing email that an employee opened. The email evidently contained malware.
Wilkins RV notes that it did not respond to the ransomware gang’s demands and that it “was unable to determine if any data was actually taken or what specific data may have been accessible to the criminal actors during the attack.”
Once Wilkins Recreational Vehicles confirmed unauthorized access to files containing sensitive consumer information, the company then reviewed the affected files to determine exactly what information was compromised. While the breached information varies depending on the individual, it may include your name, driver’s license number, Social Security number, credit card number and debit card number. As many as 17,408 customers are believed to have been impacted by the Wilkins RV data breach.
On June 8, 2022, Wilkins Recreational Vehicles sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Wilkins Recreational Vehicles, Inc.
Wilkins Recreational Vehicles, Inc. is an RV dealer based in Bath, New York. The company sells new and used recreational vehicles and trailers, including the following brands: Alliance, Coachmen, CrossRoads, DRV Luxury Suites, Shasta, Palomino, Grand Design and Gulf Stream. Wilkins Recreational Vehicles also rents RVs and assists buyers in obtaining financing. Wilkins RV operates seven locations throughout New York, including in Bath, Brewerton, Clay, Churchville, Fulton, Nichols and Victor. Wilkins Recreational Vehicles employs more than 160 people and generates approximately $20 million in annual revenue.
Learn More About Ransomware and Phishing Attacks, Two of the Leading Causes of Data Breaches
To the credit of Wilkins RV, the company provided more information than most regarding the events leading up to the breach. Unfortunately, the situation Wilkins RV finds itself in is not unusual for businesses these days. Ransomware attacks, particularly those stemming from successful email phishing attacks, are extraordinarily common. Phishing and ransomware attacks are the top two types of data breaches. For example, in 2021, these two types of attacks made up about 60 percent of all cyberattacks.
Ransomware and phishing attacks are also quite successful. According to a 2021 study, employees in the United States receive an average of 14 malicious emails per year. Some employees, such as those in the retail industry, receive an average of 49 malicious emails per year. These attacks are well-designed and appear to come from trusted sources. In fact, 86% of companies had at least one employee who clicked a phishing link in 2021.
Phishing attacks rely on principles of social engineering to get an employee to provide information to a hacker, either through responding to an email or by clicking on a malicious link contained in an email. The information obtained through a successful email phishing campaign is often used to commit fraud or identity theft against the victim. While a company is certainly one of the victims of a phishing attack, the real victims are those whose information is stolen in these cyberattacks.
While it is usually an employee who provides the hacker with the information they need to orchestrate a ransomware attack, it isn’t necessarily up to individual employees to detect these threats. Employers have an obligation to educate their employees about the importance of consumer privacy, generally, as well as how to mitigate the risks of phishing attacks. Indeed, many employers have started to require employees to attend training seminars outlining the most common phishing techniques.
Ultimately, companies are the first and last line of defense in protecting the consumer data in their possession. Organizations that choose not to take these threats seriously jeopardize the safety of their customers’ information.