On August 5, 2022, Berkshire Partners LLC reported a data breach with the Massachusetts Office of Consumer Affairs and Business Regulation after the company learned of unauthorized activity within company email accounts. According to Berkshire Partners, the breach resulted in the names, Social Security numbers and financial information of certain individuals being compromised. After confirming the breach and identifying all affected parties, Berkshire Partners began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Berkshire Partners data breach, please see our recent piece on the topic here.
What We Know About the Berkshire Partners Data Breach
The information about the Berkshire Partners LLC data breach comes from an official company filing the Massachusetts Office of Consumer Affairs and Business Regulation. According to the most recently available data, on February 24, 2022, Berkshire Partners detected suspicious activity within an administrative employee’s email account. In response, the company began working with third-party cybersecurity professionals to investigate the incident.
The company’s investigation revealed that an unauthorized user accessed and acquired certain emails from the affected employee’s email account between August 18, 2021 and February 24, 2022.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Berkshire Partners began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. On July 18, the company completed its review of all compromised files. While the breached information varies depending on the individual, it may include your first and last name, Social Security number and financial information.
On August 5, 2022, Berkshire Partners sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Berkshire Partners LLC
Founded in 1984, Berkshire Partners LLC is a private equity firm based in Boston, Massachusetts. The company invests in growing businesses and provides its businesses with varying types of assistance other than access to capital. Berkshire Partners focuses on the following sectors: consumer products, healthcare, technology and services & industrials. Berkshire Partners employs more than 180 people and generates approximately $83 million in annual revenue.
When Is a Company Responsible for a Data Breach?
Data breaches involve a hacker or some other type of bad actor intentionally bypassing a company’s data security system for the purposes of stealing consumer data. When it comes to determining liability after a data breach, perhaps the most obvious choice is the hacker who carried out the attack. However, tracking down a hacker after a data breach is challenging, and even if you could find them, it may not be worth pursuing a claim against them because they may not have the assets to satisfy a judgment.
However, when thinking about who is responsible for a data breach, it’s not as easy as placing all the blame on the criminal actor who orchestrated the attack. The company that stored the information may also be responsible. While data breaches certainly present risks to targeted companies, the real victims of a data breach are those consumers whose information ends up in the hands of criminals. Recognizing this reality, state and federal laws require companies to take certain precautions when they ask for or agree to store consumer information. Thus, if a company leaks sensitive consumer information as a result of a data breach, the company may be liable to the victims of the breach.
Below are just a few ways a company may be negligent with regard to consumer data:
The company does not have an up-to-date data security system;
The company does not provide training to employees regarding the dangers of phishing emails;
The company stores sensitive consumer information in a way that allows public access to the data;
The company sends sensitive consumer information to an unauthorized party; or
The company disregards known security threats that could compromise the data in its possession.
Under U.S. data breach laws, companies and organizations that store consumer data have a legal obligation to keep consumer data safe and secure. Thus, those organizations that are negligent in how they handle consumer data may be held financially liable after a breach. However, the laws governing these claims are complex, and anyone interested in learning more about data breach claims should consult with a data breach lawyer for assistance.