On August 18, 2022, Lionel Holdings, LLC reported a data breach with the office of the Attorney General of Texas after the company fell victim to a ransomware attack. While Lionel Holdings did not publicly release the type of data that was leaked in the ransomware attack, the fact that the company reported the incident means that it is likely sensitive consumer information was compromised. After confirming the breach and identifying all affected parties, Lionel Holdings began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Lionel Holdings data breach, please see our recent piece on the topic here.
What We Know About the Lionel Holdings Data Breach
The information about the Lionel Holdings, LLC data breach comes from an official filing with the Attorney General of Texas. Based on the most current information, on April 29, 2022, Lionel learned that it had been the target of a ransomware attack when some of the files on the company’s network were encrypted. In response, the company secured its servers, terminated all unauthorized access, and began working with an outside cybersecurity firm to investigate the incident.
On July 27, 2022, the company’s investigation revealed that an unauthorized party did indeed obtain access to certain company files and that they may have removed copies of these files. The investigation also confirmed that sensitive consumer information was contained in the affected files.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Lionel Holdings began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident.
On August 18, 2022, Lionel Holdings sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Lionel Holdings, LLC
Founded in 1900, Lionel Holdings, LLC is an iconic model train company based in Concord, North Carolina. While the company has manufactured and sold a variety of types of trains over the years, currently, Lionel is the largest manufacturer of O Gauge trains in the world, commanding about 70 percent of the market share. Lionel Holdings employs more than 197 people and generates approximately $105 million in annual revenue.
How Do Cybercriminals Orchestrate Data Breaches?
Data breaches are becoming more common as hackers continue to develop novel ways of bypassing a company’s data security systems. However, while more than 189 million people were victimized by a cyberattack in 2021, many consumers and businesses still do not fully comprehend the harm these incidents can cause—to companies but, more importantly, to consumers.
The reason why hackers carry out data breaches is to steal sensitive consumer information that they can later either use to commit fraud or sell to a third party, usually on the dark web.
There are a few different ways hackers can orchestrate a data breach. Most data breaches involve phishing, malware or ransomware attacks—or a combination of both. Malware, or malicious software, is a program that is intended to disrupt the normal operations of a company’s computer system. Most malware programs are also designed to send any information contained on an infected device back to the hackers.
Ransomware attacks use a specific type of malware that encrypts some or all of the victim’s files once their device is infected. This prevents the victim from accessing their device. When the victim tries to log back into their computer, they are met with a message from the hackers demanding they pay a ransom. When hackers target a company, they aim to infect the entire network (or large portions of it), which often disables the network almost entirely.
Phishing is a type of cyberattack where a hacker sends an employee of a company an email in hopes of getting the employee to provide the hacker with the information they need to access the email account. These emails come from a seemingly legitimate source and are designed to trick even the most discerning employees. Some phishing emails seek to have the employee click on a malicious link that downloads malware on their system.
While these three types of cyberattacks differ slightly in how they are carried out, the end result is the same: hackers end up with sensitive consumer information that they can then use to commit identity theft or other frauds. While hackers can target any type of data, they usually aim for those data types which are most profitable. These include:
Given the importance of this information—and the relative ease with which hackers can use it to steal a victim’s identity or commit other types of fraud—it is essential that data breach victims understand their rights and what they can do to protect themselves in the event of a data breach.