Recently, Brown Brothers Harriman & Co. (“BBH”) experienced a data breach after an unauthorized party gained access to sensitive consumer information provided to BBH through a cyberattack committed against one of the company’s vendors. According to the BBH, the breach resulted in the names, mailing addresses, Social Security numbers, and account numbers being compromised. On May 11, 2022, BBH filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Brown Brothers Harriman data breach, please see our recent piece on the topic here.

What We Know About the Brown Brothers Harriman Data Breach

According to an official notice filed by the company, in December 2021, BBBH was notified by one of its third-party vendors, R.R. Donnelley & Sons Company (“RRD”), that the company had been the target of a cyber attack. Through independent sources, it was confirmed that this was a ransomware attack.

Initially, RRD informed BBH that the intrusion only affected RRD’s systems and that no BBH data was involved. However, in March 2022, RRD reached back out to BBH to tell the company that during the cyberattack, the unauthorized party extracted BBH files from RRD’s system.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Brown Brothers Harriman then reviewed the affected files to determine exactly what information was compromised. While the breached information varies depending on the individual, it may include your name, mailing address, Social Security number, and account number. The Brown Brothers Harriman data breach is believed to have impacted as many as 2800 individuals.

On May 11, 2022, Brown Brothers Harriman sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Brown Brothers Harriman & Co.

Brown Brothers Harriman & Co. is a privately owned and managed financial services company based in Boston, Massachusetts. BBH works with investors, corporations, insurance companies, asset managers, and institutional investors, providing private banking, investment management and investor services to individuals and organizational clients. Brown Brothers Harriman employs more than 6,000 people and generates approximately $1 billion in annual revenue.

Liability Following a Data Breach

Under the United States data breach laws, companies may be financially liable to consumers whose information is leaked as the result of a data breach. However, the mere fact that a breach occurred is not enough to hold a company liable; there must be evidence that the company was negligent and that negligence led to the breach.

Looking at the BBH breach as an example, there are two potentially liable parties. First, R.R. Donnelley & Sons, the target of the breach resulting in the leaked information, may have been negligent in maintaining the data entrusted to the company. For example, this may be because the company failed to implement an effective data security system, the company mishandled a ransomware attack, or a company employee provided access to an unauthorized party.

The other potentially liable party in a breach such as this one is BBH. Certainly, BBH appears to be a victim of the RRD breach. However, at the same time, BBH has a duty to its clients to ensure that the third-party vendors it entrusts with client data have the data security systems in place to safeguard that information.

Of course, it’s too early to tell if either of these companies bears responsibility for the breach. Those who are interested in learning more about the steps to take following a data breach to protect themselves should reach out to an experienced data breach law firm as soon as possible.