A. Duda & Sons, Inc. Confirms Massive Data Breach Potentially Leaking 300 GB of Data

Console and Associates, P.C.

On August 3, 2022, A. Duda & Sons, Inc., along with its affiliates and subsidiaries, including Duda Farm Fresh Foods, Duda Ranches, DUDA Commercial Properties, The Viera Company, Viera Builders, and Duran Golf Club (collectively, “DUDA”) confirmed that the company was the target of a sophisticated ransomware attack leading to an estimated 300 gigabytes of exfiltrated data. According to DUDA, the breach resulted in the names, Social Security numbers, financial information, employee information and email addresses of certain individuals being compromised. Recently, DUDA sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds. While DUDA did not disclose the number of potential victims, based on the company’s statements, it appears the incident affected a large number of people.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the DUDA data breach, please see our recent piece on the topic here.

More Info on the DUDA Ransomware Attack and Data Breach

According to an official notice filed by the company, as well as a notice posted on its website, in June and July of 2022, cybercriminals gained access to DUDA’s computer system. Then, on July 9, 2022, those same hackers orchestrated a ransomware attack against DUDA, encrypting a portion of the company’s computer network.

In response, DUDA took the necessary steps to restore and secure its computer systems and then reached out to law enforcement and cybersecurity professionals to assist in the investigation. This investigation confirmed that the “data accessed by the hackers was varied and substantial.” In fact, on July 13, 2022, a user named “BlackCat” posted the following on the dark web:

“Companies: https://dudafresh.com, https://duda.com, https://vierabuilders.com, https://viera.com

More than 300 gigabytes! Accountants! Personal data! More 16000 SSN! Personal messages! All family secrets Duda! And not only.... Soon...”

Upon discovering that sensitive consumer data was accessible to an unauthorized party, DUDA then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your full name, Social Security number, payroll data, financial information, date of birth, email address, telephone number, address, employee identification numbers, employee dependent information and any other information you provided to DUDA in the past.

On August 3, 2022, DUDA sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The company also posted a “Notice of Data Breach” on its website.

More Information About A. Duda & Sons, Inc.

A. Duda & Sons, Inc. is an agricultural producer and diversified land company based in Oviedo, Florida. DUDA owns and operates a number of other companies that complement the organization’s business model, including Duda Farm Fresh Foods, Duda Ranches, DUDA Commercial Properties, The Viera Company, Viera Builders, and Duran Golf Club. DUDA also grows a variety of agricultural commodities, including vegetables, citrus, cattle, sugarcane, and other crops. DUDA grows an estimated 33 percent of the world’s celery. DUDA employs more than 1,099 people and generates approximately $597 million in annual revenue.

The New Wave of Ransomware Attacks Put Companies in the Hot Seat

Ransomware attacks are one of the most common types of cyberattacks. In general, a ransomware attack occurs when a hacker or other bad actor installs a specific type of malware on a victim’s computer. Hackers usually do this by sending a phishing email to an employee who clicks on a malicious link that downloads the malware onto their computer. Once the malware is installed on the victim’s device, it encrypts some or all of the files on the computer and may infect other parts of an organization’s network. The “ransom” in ransomware comes into play when the hackers send the victim a message demanding they pay a ransom if they want access to their device. In theory, once the victim pays the ransom, the hackers decrypt their computer.

However, the DUDA ransomware attack is an example of a new breed of ransomware attacks, which are quickly becoming the norm. The primary difference is that rather than passively hoping an organization sees the value in paying the ransom, hackers threaten to publish any exfiltrated data to the dark web. Once data is posted on the dark web, anyone with access can then use that information for whatever criminal purposes they desire.

Companies do not want to be seen as prioritizing money over the privacy of their customers’ information. Not surprisingly, these new ransomware attacks have been highly successful. And the DUDA ransomware attack and subsequent data breach are a perfect example of the difficult position they put these companies in.

Of course, consumers are the real victims of a ransomware attack. Large companies not only have the resources to pay an occasional ransom, but they also have the ability (and responsibility) to implement strong data security systems designed to prevent these attacks in the first place.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.