On August 11, 2022, Valent U.S.A. LLC reported a data breach with various state attorney generals’ offices stemming from what appears to have been a ransomware attack. According to Valent, the breach resulted in the names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and dates of birth of certain individuals being compromised. After confirming the breach and identifying all affected parties, Valent U.S.A. began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Valent U.S.A. data breach, please see our recent piece on the topic here.
What We Know About the Valent U.S.A. Data Breach
The information about the Valent U.S.A. LLC data breach comes from multiple documents the company filed with state consumer protection agencies. According to the most current information, on October 24, 2021, Valent discovered that employees were unable to access some of the company’s computer systems. In response, the company secured its network and then retained an outside cybersecurity firm to investigate the incident.
This investigation revealed that Valent was the target of a cyberattack that encrypted some of the files on its network. Valent was also able to determine that the affected files contained sensitive information belonging to certain people.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Valent U.S.A. began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, passport number, financial account information, medical information and date of birth.
On August 11, 2022, Valent U.S.A. sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Valent U.S.A. LLC
Founded in 1988, Valent U.S.A. LLC is an agricultural chemical manufacturer based in Walnut Creek, California. The company creates and sells a range of chemical products used in the agriculture industry, including herbicides and pesticides. Valent U.S.A. LLC owns and operates a number of subsidiaries, including Valent BioSciences LLC, Mycorrhizal Applications LLC, Pace International LLC, and McLaughlin Gormley King (MGK). Valent U.S.A. employs more than 750 people and generates approximately $160 million in annual revenue.
Was Valent U.S.A. LLC Targeted in a Ransomware Attack?
In the company’s data breach letter, Valent U.S.A. LLC explained that it first learned it was the victim of a cyberattack when it noticed certain files on its network had been encrypted. Encryption is common in the technology world, and while encryption is frequently used for legal purposes, it is also frequently used by hackers to orchestrate cyberattacks—specifically, ransomware attacks.
Encryption is a process that encodes files, preventing anyone from accessing the encrypted files unless they have an encryption key, such as a password. Companies encrypt files every day to protect sensitive information, such as personal employee information, payroll data and more. However, cybercriminals also use encryption when carrying out a ransomware attack. So, while Valent did not explicitly say that the company was the victim of a ransomware attack, based on its data breach letter, it appears that was the case.
A ransomware attack is a type of cyberattack that involves a hacker installing malware on the victim’s computer. This malware encrypts the files on the victim’s device and may be designed to spread throughout any connected network devices. When the victim logs back on to their computer, they will see a message from the hackers demanding they pay a ransom to regain access to their computer. If the victim pays the demanded ransom, the hacker will decrypt the files. Generally, hackers follow through on their commitment to decrypt files because, if they didn’t, companies would have no reason to pay a ransom.
However, to add to a company’s incentive to pay a ransom, hackers have started to threaten to publish the stolen data if the ransom is not paid. However, the FBI takes a clear stance on the issue, asking companies not to pay ransoms because doing so “emboldens” the hackers and makes their criminal activity profitable.
The easier way of dealing with a ransomware attack is to prevent it in the first place. For example, companies can take certain steps to avoid becoming the target of a ransomware attack, such as developing a strong data security system and providing training to employees about the risks of cyberattacks and how to avoid them.