Recently, furniture retailer American Freight, LLC (“American Freight”) experienced a data breach stemming from an unauthorized party gaining access to employees’ email accounts. While the breach is believed to have occurred in November and December of 2020, the company only recently sent out data breach notification letters on August 23, 2021. In this letter, American Freight outlines the information that was accessed by the third-party, which may include: full names, addresses, bank account numbers, credit card numbers, security codes, PIN numbers, passwords, and access codes. Essentially, any information contained in an email or attachment located in one of the hacked email accounts was compromised. This is exactly the type of data breach that can result in a consumer falling victim to identity theft or suffering other financial losses.
Too often, people disregard data breach notifications because they assume that it can’t happen to them. However, in recent years, instances of identity theft have been on the rise. If you recently received a data breach letter from American Freight, it is essential that you treat the situation with the seriousness it deserves. Additionally, you may be eligible for financial compensation through a data breach lawsuit if evidence emerges that American Freight mishandled your data leading up to the breach.
Can Data Breach Victims Hold American Freight Financially Liable?
Did you ever think that by giving American Freight your business, you’d be handing over your personal information to a total stranger? Probably not. As a customer, you expect that businesses will protect your sensitive information.
Indeed, businesses like American Freight have a legal obligation to protect your personal, identifying and financial information. If a company fails to safeguard your data, you can pursue a data breach lawsuit against the company. Of course, data breach and consumer privacy laws are complex, and it is too early to say whether American Freight could have done more to prevent the data breach. However, our data breach law firm is currently investigating whether there is a possible class action data breach lawsuit against American Freight, LLC. If you have questions about your ability to bring an American Freight class action lawsuit, it is important you reach out to a data breach lawyer as soon as possible.
What Should You Do if You Got an American Freight Data Breach Letter
If American Freight, LLC sent you a data breach notification letter, it is important you take a moment and reflect upon what just happened. An unauthorized person gained access to an American Freight employee’s email account. Contained in one of the emails or in an attachment is your personal information. Why the third party sought your data is unclear; however, you cannot rule out the possibility of criminal intent. While receiving a data breach letter isn’t a guarantee you will fall victim to identity theft, it’s worth taking steps to protect yourself. Below are a few ways to protect yourself from identity theft and the other possible financial risks that can step from a data breach:
Carefully read the data breach letter from American Freight to determine what information of yours was accessible;
Make a copy of the letter for your records;
Sign up for the free credit monitoring service provided by American Freight, LLC;
Change the passwords for all your online accounts;
Frequently check your credit card and bank accounts for signs of suspicious activity, fraud or identity theft;
Monitor your credit report for any unexpected changes that may be a sign of identity theft;
Contact one of the major credit bureaus and request they add a fraud alert to your account; and
Notify your banks and credit card companies of the data breach.
About American Freight, LLC
Founded in 1994, American Freight is a furniture retailer based out of Delaware, Ohio. The company was founded to meet the needs of working families who were looking for reasonably priced furniture options. The company grew quickly, and by 2014, it was operating 95 stores in 18 states. In 2020, American Freight combined with Sears Outlet and FFO Home to create the new American Freight Company. American Freight currently operates over 350 locations across 40 states and in Puerto Rico. American Freight generates about $145 million in revenue each year.
The Details of the American Freight, LLC Consumer Data Breach
According to the official sources, on June 11, 2021, American Freight first reported a data breach that is believed to have compromised the personal information of more than 36,000 consumers. Evidently, around that time, American Freight realized that an unauthorized party had gained access to the email accounts of a small number of employees. American Freight investigated the incident, and it was determined that any information contained in an employee’s email account, or an attachment to an email, was accessible by the unauthorized third party. This information includes full names, addresses, bank account numbers, credit card numbers, security codes, PIN numbers, passwords, and access codes. It was also discovered that the data was accessible to the third party between November 24, 2020, and December 9, 2020.
Below is a copy of the data breach letter issued by American Freight, LLC (the actual notice sent to consumers can be found here). The copy below is unedited.
American Freight, LLC and its related subsidiaries and affiliates, including American Freight Outlet Stores, LLC (“American Freight”), understands the importance of protecting and securing the personal information that we maintain. I am writing to inform you of an incident that may have involved some of your information. This notice explains the incident, measures we have taken, and some steps you may consider taking.
The investigation determined that an unauthorized person had access to the contents of the accounts at various times between November 24, 2020, and December 9, 2020. The investigation did not determine whether the unauthorized individual viewed any contents in the subject email accounts. We searched the contents of the accounts to identify documents containing personal information that may have been viewed or acquired and on June 11, 2021, we determined that an email or attachment contained your <>. To date, we do not know that your information was viewed or acquired, and we have no indication that your information has been misused. We encourage you to remain vigilant by reviewing your account statements and credit reports for any unauthorized activity. If you see charges or activity you did not authorize, please contact your financial institution immediately. As an added precaution, we have secured the services of Kroll to provide identity monitoring at no cost to you for one year. Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration. For more information on the Kroll Identity Monitoring services offered, including instructions on how to activate your complimentary one-year membership, please visit the below website:
Visit https://enroll.krollmonitoring.com to activate and take advantage of your identity monitoring services. You have until November 2, 2021 to activate your identity monitoring services. Membership Number: <>
Your confidence and trust are important to us, and we regret any inconvenience or concern this incident may cause. To help further protect against an incident like this, we are taking steps to enhance our existing security protocols and re-educating our staff for awareness on these types of incidents. If you have any questions, please call 1-???-???-????, Monday through Friday from 8:00 a.m. through 5:30 p.m. Central Time, excluding some U.S. holidays.