On August 17, 2022, Brasseler USA (“Brasseler”) reported a data breach with the Montana Department of Justice after an unauthorized party gained access to the company’s computer network. According to Brasseler, the breach resulted in the following consumer information being compromised: names, social security numbers, driver’s license numbers, passport numbers; financial account information (including debit card and credit card numbers), medical and insurance information; and other information, such as dates of birth. After confirming the breach and identifying all affected parties, Peter Brasseler Holdings, LLC began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Peter Brasseler Holdings, LLC data breach, please see our recent piece on the topic here.
What We Know About the Peter Brasseler Holdings, LLC Data Breach
The information about the Brasseler USA data breach comes from the company’s official filing with the Montana Department of Justice. Evidently, on or around June 24, 2022, Brasseler learned that it was the victim of a ransomware attack. In response, the company secured its servers, reported the incident to law enforcement, and then worked with third-party data security specialists to investigate the nature and scope of the cyberattack and its effect on consumers.
As a result of this investigation, in July 2022, the company learned that certain files containing sensitive consumer data were compromised, meaning they were accessible and possibly stolen by the unauthorized party.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Peter Brasseler Holdings, LLC began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security numbers, driver’s license numbers, passport number, financial account information (including debit card and credit card numbers), medical and insurance information, and other information, such as date of birth.
On August 17, 2022, Peter Brasseler Holdings, LLC sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Brasseler USA
Founded in 1976, Brasseler USA is a dental and surgical product manufacturer based in Savannah, Georgia. The company designs and manufactures a wide range of products for use in dentistry, endodontics, prosthodontics, periodontics, orthodontics, pedodontics, oral-maxillofacial surgery, dental hygiene, surgical and dental laboratory applications. Peter Brasseler Holdings, LLC employs more than 309 people and generates approximately $83 million in annual revenue.
Ransomware Attacks: One of the Leading Causes of Data Breaches in 2022
Historically, ransomware attacks have been one of the most common types of cyberattacks. And this continues to be the case, with an estimated 189 million people falling victim to these attacks in 2021 alone. Thus, it is important for all consumers—but especially those who have had their information compromised in a recent data breach—to understand the risks of a ransomware attack.
As a general matter, a ransomware attack occurs when a hacker or other bad actor installs malware on a victim’s computer. Hackers frequently do this by sending a phishing email to an employee, hoping to get them to click on a malicious link that downloads the malware onto their computer. Once the victim’s device is infected with malware, it encrypts some or all of the files on the computer and may infect other parts of the network. The hackers then send the victim organization a message, demanding it pays a ransom if it wants access to the device or network. In theory, once the victim organization pays the ransom, the hackers decrypt their computer, which ends the attack—from the company’s perspective.
There is, however, a new type of ransomware attack in which the hackers who orchestrated the attack threaten to publish any exfiltrated data if the ransom goes unpaid. Companies do not want to be seen as putting money over the privacy of their customers’ information, so this adds to the incentive to pay a ransom. Not surprisingly, these new ransomware attacks have been highly successful.
While there is no evidence that the consumer data stolen during the Brasseler data breach has made its way to the dark web, it remains a possibility. Once on the dark web, cybercriminals can bid on the data, which they can then use to commit identity theft and other frauds. Of course, while companies that are targeted in a ransomware attack are victims in some sense, the real victims of these attacks are the consumers whose information ends up in the hands of those looking to commit fraud.
Companies not only have the resources to pay an occasional ransom, but they also have the ability (and responsibility) to implement strong data security systems designed to prevent these attacks in the first place. Victims of a data breach who would like to learn more about how to reduce the risk of identity theft or learn about their options to hold the company that leaked their information accountable should contact a data breach lawyer as soon as possible.