On September 8, 2022, Wilson’s Gun Shop, Inc. confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information that was entrusted to the company. According to Wilson Combat, the breach resulted in the names, addresses and financial account information of certain parties being compromised. While the notice filed by the company indicates that it has not yet sent out data breach letters, affected parties should expect to receive notification of the breach in the coming weeks. Wilson Combat estimates that the breach affected 13,522 individuals in the State of Texas alone; however, the total number of victims has not yet been confirmed.

If you receive a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Wilson’s Gun Shop data breach, please see our recent piece on the topic here.

What We Know About the Wilson’s Gun Shop Data Breach

News of the Wilson Combat breach is still developing, and the only information about the incident comes from the company’s official filing with the Attorney General of Texas. According to this source, the breach leaked the names, addresses and financial account information (such as credit card or debit card numbers, expiration dates, and CCV codes) of certain parties. Based on the type of information that was compromised, it would appear that the incident affected customers who purchased goods on the company’s website, although this has not been confirmed by the company.

Wilson Combat reports that the breach involved 13,522 Texas residents. However, the total number of data breach victims is not currently known.

Under Texas data breach laws, companies must report a breach within 60 days from the time the company discovers the breach. However, this timeline can be extended if the company is cooperating with law enforcement or actively investigating the incident. Regardless, those affected by the Wilson Combat breach should expect to receive notice of the incident in the near future, most likely through U.S. mail.

Founded in 1977, Wilson’s Gun Shop, Inc. is a firearm manufacturer based in Berry, Arkansas. The company specializes in high-performance, custom 1911 handguns, tactical long guns, and accessories. Some of the company’s products include the X-TAC Supergrade pistol, AR-15, AR-10, AR-9 and a variety of different types of shotguns. Wilson Combat also allows customers to build their own custom 1911 pistol to their exact specifications. Wilson’s Gun Shop employs more than 200 people and generates approximately $79 million in annual revenue.

What Are the Potential Causes of a Data Breach?

Given the recency of the Wilson’s Gun Shop data breach, little is known about what caused the incident. However, what we do know is that the reason hackers and cybercriminals carry out data breaches is to obtain sensitive consumer information they can either use themselves to commit fraud against the victims or sell to a third party. There are a few different ways hackers can orchestrate a data breach.

Most data breaches involve either malware or ransomware attacks. Malware, or malicious software, is a program that is intended to disrupt the normal operations of a company’s computer system. Most malware programs are designed to leak information contained on the company’s network and send that information back to the hackers.

Ransomware attacks use a specific type of malware that encrypts some or all of the victim’s files, preventing them from accessing their device. When the victim tries to log back into their computer, they are met with a message from the hackers demanding they pay a ransom. If the company chooses not to pay the ransom, the hackers may leak the stolen information onto the dark web, where criminal actors can freely access the data.

Another possibility is a data scraping attack. Data scraping refers to the process of using automated bots to extract information from a website. Data scraping is frequently used for legitimate purposes; for example, search engines use data scraping when crawling a website to determine which sites are most relevant to a user’s search. However, hackers can use data scraping techniques in conjunction with malicious software to obtain credit and debit card information from customers who make a purchase at an online store. Hackers do this by surreptitiously placing a line of malicious code on the back end of the online store’s website, which captures customers’ payment information when they make a purchase.

While these types of cyberattacks differ in how they are carried out, the end result is the same: hackers end up in the possession of sensitive consumer information. While hackers can target any type of data, they usually target the most profitable types of information, including:

  • Bank account numbers,

  • Credit and debit card numbers,

  • Healthcare information.

  • Insurance information,

  • Names and addresses, and

  • Social Security numbers.

Given the importance of this information—and the relative ease with which hackers can use it to steal a victim’s identity or commit other types of fraud—it is essential that data breach victims understand their rights and what they can do to protect themselves in the event of a data breach.