The North Highland Company, LLC Announces Data Breach Affecting Current and Former Employees

Console and Associates, P.C.

On July 8, 2022, The North Highland Company, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on North Highland’s network through a ransomware attack. According to North Highland, the breach resulted in an unauthorized party accessing a wealth of employee data, including names, Social Security numbers, addresses, bank account numbers, payroll information, personal phone and email addresses, dates of birth, background check information, employment screening information and health-related information. North Highland also recently sent out data breach letters to all affected parties explaining what information was compromised and explaining the events leading up to the breach.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of The North Highland Company data breach, please see our recent piece on the topic here.

What We Know About The North Highland Company Data Breach

According to official notice filed by the company, on June 6, 2022, North Highland learned that it had been targeted in a ransomware attack. In response, the company initiated an investigation into the incident with the assistance of multiple third-party data security experts.

On June 28, 2022, the company’s investigation confirmed that certain files containing personal information belonging to current and former employees had been removed from North Highland’s computer system by the attackers.

Upon discovering that sensitive employee data was stolen by the hackers, The North Highland Company then reviewed the affected files to determine what information was compromised and which employees were affected. While the breached information varies depending on the individual, it may include your name, Social Security number, identity number, tax number, address, bank account number and other payroll information, personal phone and email addresses, date of birth, benefits information, background check and employment screening information, performance related records, health-related information you may have provided to North Highland, and other employment-related information.

On July 7, 2022, The North Highland Company sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

The North Highland Company, LLC is a management consulting firm based in Atlanta, Georgia. The company provides supply chain and distribution consulting services, as well as IT solutions and services to businesses across varying industries, including energy and utilities, healthcare, financial services, hospitality and leisure, life sciences, retail and consumer products, and transportation. The North Highland Company employs more than 5,000 people and generates approximately $1 million in annual revenue.

New Report Indicates Ransoms Decreasing in Value, but Ransomware Attack Numbers Remain Unaffected

For the past few years, ransomware attacks have been one of the most common types of cyberattacks. According to the Identity Theft Resource Center, the number of ransomware attacks grew from 83 in 2019 to 321 in 2020. That’s an increase of about 250 percent. However, according to at least one recent report, as of 2022, the dollar figures hackers are commanding as ransoms are decreasing.

According to a report by BleepingComputer, the median ransomware payment decreased 51 percent to just over $36,000 between the first and second quarters of 2022. This figure represents a further decline from the peak value of ransoms in the fourth quarter of 2021 when the median ransomware payment was over $117,000.

However, this isn’t all necessarily good news because, as the article points out, the decrease in ransom values is largely due to hackers targeting small to mid-level organizations rather than large multinational companies. Apparently, hackers are adjusting their demands based on the size of their target, probably in an effort to make ransoms more affordable.

Another trend in ransomware attacks is threatening to release the exfiltrated data to the dark web. This is another tactic ransomware hackers use to incentivize companies to pay a ransom. After all, an unaffordably high ransom isn’t going to get paid, which means hackers’ plans will not be profitable. This is the same line of reasoning why, as a general rule, ransomware attackers tend to make good on their promises not to publish data and to restore systems upon payment of the ransom. Because if no one believed that paying a ransom made a difference in what hackers did with consumer data, what company would choose to pay one? The bottom line is that hackers are sophisticated criminals who know what they need to do to carry on their activities and continue to reap profits at the expense of consumers.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.