On December 26, 2024, CR&R Incorporated d/b/a CR&R Environmental Services (“CR&R”) filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access the company’s IT network. In this notice, CR&R Environmental Services explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, CR&R began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from CR&R Incorporated, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the CR&R Waste Management data breach. For more information, please see our recent piece on the topic here.
What Caused the CR&R Environmental Services Data Breach?
The CR&R Waste Management data breach was only recently announced, and more information is expected in the near future. However, CR&R Environmental Services’ filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, on October 30, 2024, CR&R Environmental Services discovered a potential data security incident involving what appeared to be a cyberattack.
In response, CR&R investigated the incident. Through this investigation, CR&R Environmental Services confirmed that an unauthorized party had been able to access portions of its IT network. Per the company’s filing with the Maine Attorney General, the period of unauthorized access was on or around October 19, 2022.
After learning that sensitive consumer data was accessible to an unauthorized party, CR&R Environmental Services reviewed the compromised files to determine what information was leaked and which consumers were impacted. CR&R recently completed this process, determining that the breach affected the personal information of 9,895 people.
On December 26, 2024, CR&R Environmental Services sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About CR&R Incorporated
CR&R Incorporated is one of the largest privately owned waste and recycling management companies in the United States. Headquartered in Stanton, California, CR&R Environmental Services serves residential, commercial, and industrial customers across Southern California, Arizona, Nevada, and Colorado. The company provides comprehensive waste collection, recycling, and disposal services, as well as innovative programs such as organics recycling and anaerobic digestion facilities for renewable energy production. In total, CR&R Environmental Services serves more than 3 million people and over 25,000 businesses. The company employs approximately 1,400 employees and generates an estimated $145 million in annual revenue. For more information, visit their website at www.crrwasteservices.com.