July 27, 2022

Wilson Tool International Confirms Recent Data Breach Affecting Current and Former Employees

+ Follow Contact

Send

Embed

On July 25, 2022, Wilson Tool International reported a data breach after the company discovered that an unauthorized party accessed and encrypted certain files on the company’s network. After confirming that the company was the victim of a ransomware attack and identifying all affected parties, Wilson Tool began sending out data breach letters to all affected parties. However, Wilson Tool has not publicly disclosed the data types that were compromised in the ransomware attack.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Wilson Tool data breach, please see our recent piece on the topic here.

What We Know About the Wilson Tool Data Breach

The information about the Wilson Tool International data breach comes primarily from two sources. The first is the official notice Wilson Tool provided to state government agencies, and the second is an industry trade article in which the president of the company offered candid insight about the breach, its causes, and the effect it had on the company.

Evidently, on March 13, 2022, Wilson Tool noticed that most of its computer systems were down. The company’s IT security consultant was able to quickly determine that the outage was due to a ransomware attack. At the time, eight of the company’s 12 locations were down.

In response, Wilson Tool terminated the unauthorized access and worked with cybersecurity professionals to investigate the incident. The company notes that its investigation is ongoing; however, Wilson Tool has confirmed that the unauthorized party who orchestrated the attack was able to access files containing sensitive consumer data.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Wilson Tool began reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the company seems to have concluded this investigation, it has not yet publicly released the data types that were leaked as a result of the recent ransomware attack.

On July 25, 2022, Wilson Tool sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

In a subsequent interview, the president of Wilson Tool explained what it was like living through a ransomware attack and the impact it had on the company’s ability to conduct business. Especially interesting is the fact that, in the summer of 2021, Wilson Tool was notified of an unpatched system (a patch is a set of changes to a computer program or its data designed to update, fix, or improve the program—most patches are released to fix security vulnerabilities or other bugs). However, due to a staffing shortage in the company’s IT department, Wilson Tool disregarded the IT update. It appears that hackers were able to exploit the vulnerability caused by the unpatched system to access the company’s computer system.

More Information About Wilson Tool International

Wilson Tool International is a tool manufacturer that designs and sells a range of tools for the tableting, stamping, bending and punching industries. Wilson Tool is located in White Bear Lake, Minnesota, but has manufacturing facilities and sales channels around the globe, including in Canada, Mexico, Brazil, England, Denmark, Germany, France and Italy. In 2018, Wilson Tool purchased the tablet press tooling division of Thomas Engineering Inc. Wilson Tool employs more than 544 people and generates approximately $147 million in annual revenue.

Do Companies Have a Legal Duty to Protect Consumer Information?

Yes, data breach and consumer protection laws in the United States impose a duty on companies that store or maintain consumer data, requiring them to do so in a way that both preserves the privacy and safety of the information. These same laws also allow for victims of a data breach to hold a company negligent for leaking their information in certain cases. Of course, just because a business gets hacked doesn’t mean that it is financially liable for a victim’s damages—the question is whether the company’s negligence played a role in the breach.

The basic framework of a negligence analysis requires a victim to prove the following:

The company owed the consumer a duty of care;
The company violated the duty of care owed to the consumer;
The company’s negligent actions caused or contributed to the data breach; and
The consumer suffered legally recognizable harms as a result of the breach.

When it comes to storing, transmitting and using consumer data, companies can be negligent in a number of ways. Below are some of the most common examples of how a company’s negligence may lead to a data breach.

An organization’s data security system is inadequate, either because it was not properly maintained, outdated or otherwise insufficient for the size and scope of the business;
An employee accidentally transmits consumer information to an unauthorized or unknown party;
The company fails to provide a system for encrypting and storing sensitive consumer data and;
An employee responds to a phishing attack, either by clicking on a link or providing sensitive information to an unauthorized party.

Data breach victims who want to learn more about their rights and whether they may be able to bring a data breach class action lawsuit should reach out to a data breach attorney for assistance.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.