Gaedeke Group, LLC Confirms Compromised Email Account Led to Recent Data Breach

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

On July 28, 2022, Gaedeke Group, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on various compromised employee email accounts. According to Gaedeke, the breach resulted in the names, addresses, Social Security numbers, driver’s license numbers, passport numbers, and certain medical information of certain employees, suppliers and other individuals being compromised. Recently, Gaedeke sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Gaedeke Group data breach, please see our recent piece on the topic here.

The Details of the Gaedeke Group Data Breach

Based on the information provided in the company’s official filing, the Gaedeke Group, LLC recently learned that an unauthorized party or parties had gained access to certain employee email accounts. In response, the company secured the affected accounts and began working with a security forensics firm to investigate the incident.

The company confirmed that the unauthorized individuals had access to employee email accounts between June 28, 2021 and August 24, 2021.

After learning that sensitive consumer data was accessible to an unauthorized party, Gaedeke Group then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, driver’s license number, passport number, and certain medical information.

On July 28, 2022, Gaedeke Group sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Founded in 1995, Gaedeke Group, LLC is a real estate company specializing in office space. Gaedeke Group is based in Dallas, Texas, but maintains a portfolio of 3 million square feet of office space real estate in Arizona, Texas, Florida, New York and Washington, D.C. Gaedeke Group also provides investment, acquisition, leasing, management, construction management, and portfolio management services to its corporate clients. Gaedeke Group employs more than 100 people and generates approximately $25 million in annual revenue.

Phishing: The Most Common Way Hackers Get into Employee Email Accounts

In the notice provided to victims of the recent data breach, Gaedeke Group explains that the incident was the result of an unauthorized party gaining access to employee email accounts. However, the company did not mention how the unauthorized party was able to get into the email accounts.

While there are a few tricks hackers can use to obtain unauthorized access to employee email accounts, most email-based cyberattacks involve phishing.

Phishing is a type of cyberattack where a hacker sends the victim, usually an employee of a company, an email from a seemingly legitimate source. Phishing emails are designed and look official; for example, they may contain the company logo and come from a very similar domain name. In the email, the hacker tries to trick the employee into giving them the information needed to access the employee’s email account. The hacker does this by relying on principles of social engineering to make the employee feel as though they should do as the hacker asks without the need to confirm with management. For example, the following are all common subjects of a phishing email:

  • The employee reached their email storage limit;

  • An email the employee sent was returned as undeliverable; or

  • There was an unauthorized login to the employee’s account, necessitating a password reset.

Most often, hackers either include a simple request for information or include a malicious link that, when clicked, takes the employee to a totally unrelated website that, again, appears legitimate. In some cases, hackers will attach malicious files to an email, asking the employee to download the file.

According to the Identity Theft Resource Center, a third of all cyberattacks in 2021 were phishing attacks. This makes phishing the single most common cyberattack. In part, this is because phishing attacks are among the easiest to carry out and have an incredibly high success rate. For example, according to a study from 2021, employees in the United States receive 14 malicious emails per year on average. However, employees in certain industries, such as retail workers, receive more than four times the number of malicious emails. Perhaps the most shocking phishing statistics is that 86% of companies reported having at least one employee click a phishing link in 2021.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide