Truckload carrier C.R. England notified customers this week that their personal information may have been compromised in a data breach that occurred last fall.
A C.R. England spokesman confirmed the letter said the company had been the victim of “unauthorized activity” in its systems on Oct. 30, 2021.
“In response, we immediately began containment, mitigation and restoration efforts to terminate the activity and to secure our network, systems and data,” the letter said. “In addition, we retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist us in determining what happened.”
The process was not quick and the C.R. England letter said it was not until April 20 that the company concluded the files affected by the data breach “contained some of your personal information.”
In a post on the legal website J.D. Supra, Richard Console, of the law firm of Console & Associates, said that the breach is believed to have affected roughly 224,500 individuals whose Social Security numbers may have been compromised.
In a statement released to FreightWaves, TJ England, the company’s chief legal officer, said it was the first such breach that C.R. England has experienced.
“C.R. England has notified potentially affected individuals and set up a call center to address any questions from those individuals,” he said. “C.R. England has no reason to believe that any information involved was or will be published, shared or otherwise misused.”
Following the breach and leading up to the April 20 conclusion about the impact of the cyberattack, the company “reviewed the affected files to identify the individuals whose personal information may have been impacted by this incident and the categories of information involved for each individual.”
C.R. England said it was offering its affected customers one or two years of complimentary identity theft protection from IDX, which it described as a “data breach and identity recovery services expert.” It also notified the FBI of the breach.
On its webpage, the Console law firm said it would seek to interview “victims of the breach to determine what damages they sustained and what legal claims may be available to them.”