Blume Global, Inc. Confirms Data Breach After Malware Attack

Console and Associates, P.C.

On August 11, 2022, Blume Global, Inc. reported a data breach with the Office of the Vermont Attorney General stemming from what the company characterizes as a malware attack. While the company has yet to confirm what data was leaked as a result of the incident, based on state data breach reporting requirements, it is likely that the breach leaked highly sensitive information belonging to those affected by the incident. After confirming the breach and identifying all affected parties, Blume Global began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Blume Global data breach, please see our recent piece on the topic here.

What We Know About the Blume Global Data Breach

The information about the Blume Global, Inc. data breach comes from the company’s official filing with the Office of the Vermont Attorney General. According to the most currently available information, Blume Global recently learned that the company was the victim of a malware attack. In response, Blume secured its systems, contacted law enforcement, and then engaged the assistance of third-party cybersecurity specialists to investigate the incident.

The company’s investigation confirmed that an unauthorized party gained access to certain files on the Blume network that contained sensitive consumer data. Upon discovering that sensitive consumer data was accessible to an unauthorized party, Blume Global began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. The company notes that the breached information varies depending on the individual but did not elaborate on what data types were compromised. However, because organizations only need to report incidents that affect highly sensitive and personal information, there is a reasonable probability that the Blume data breach involved individuals’ names and one or more of the following data types:

  • Social Security numbers,

  • Financial account information, and

  • Protected health information.

On August 11, 2022, Blume Global sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Blume Global, Inc.

Blume Global, Inc. is a software company based in Pleasanton, California. The company develops customized supply chain platforms for its customers in the logistics industry, including air freight companies, railway companies, trucking companies and more. Blume Global employs more than 450 people and generates approximately $31 million in annual revenue.

What to Do After a Data Breach Leaks Your Personal Information

Data breaches present major risks to consumers, so it is essential that all consumers—but especially recent victims of a data breach—know the steps to take to protect themselves and their personal information. Below are a few steps you can take to minimize the risk of identity theft or other frauds in the event your information is leaked in a breach.

Carefully Read the “Notice of Security Incident” Sent by the Blume Global

If you were affected by the Blume Global breach, the company will have sent you a “Notice of Security Incident.” The first thing to do is to carefully review the letter to confirm that your information was compromised and, if so, determine what information was leaked. While any compromised information is concerning, Social Security numbers, financial information, or protected health information are the easiest types of data for hackers to use to commit identity theft and other frauds.

Protect Your Personal Information

Next, you should take steps to limit any future access to your online accounts, including healthcare, financial, and social media accounts. Immediately change all your passwords and security questions for any online accounts. Additionally, where available, sign up for multi-factor authentication. Although inconvenient, multi-factor authentication adds an additional layer of protection, making it harder for criminals to access your accounts.

Enroll in Free Credit Monitoring Provided by the Blume Global

After a company reports a data breach, it typically provides free credit monitoring for a period of time. For example, Blume Capital is offering affected parties free credit monitoring through Equifax for 24 months. This is not a trick; signing up for this free service does not impact any of your rights to pursue a claim against the company.

Consider a Fraud Alert or Credit Freeze

If you suspect that your Social Security number or financial account information was compromised in the breach, placing a fraud alert or credit freeze on your credit account is a good idea. A fraud alert is a free service that requires any business to take additional steps before extending a new line of credit. A credit freeze prevents anyone from accessing your credit report without your approval. Credit freezes last until you remove them; however, you can always allow one-time credit checks if you need to apply for a loan or open a new account. You can add a fraud alert or credit freeze to your credit profile by contacting any of the three major credit reporting agencies.

Frequently Monitor Your Credit Report and Financial Statements

Protecting yourself after a data breach is a longer process than most realize. The information hackers obtain through data breaches doesn’t expire, and while most hackers use the information obtained in a breach as quickly as possible, that isn’t always the case. Thus, it is essential to continually monitor your credit report and financial accounts, keeping an eye out for any signs of fraud or identity theft.

Those data breach victims who have questions about what to do after a data breach or what they have should contact an experienced data breach lawyer for immediate assistance.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide