On August 5, 2022, American Wholesale Furniture Company (“AWF”) reported a data breach with a state attorney general’s office. At this early point, little is known about the AWF breach; however, state data breach reporting laws require companies to report a breach anytime a consumer’s name and one or more of the following data types are leaked: Social Security numbers, driver’s license numbers, bank or credit card account numbers, or medical records. Thus, while it cannot be confirmed, it is likely that the American Wholesale Furniture breach affected one or more of these data types. After confirming the breach and identifying all affected parties, American Wholesale Furniture began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the American Wholesale Furniture data breach, please see our recent piece on the topic here.
What We Know About the American Wholesale Furniture Data Breach
The information about the American Wholesale Furniture Company data breach comes from documents the company filed with a state attorney general’s office. According to the most recent information, on March 8, 2022, AWF learned that the company was the victim of a cyberattack that potentially affected the sensitive information in its possession. In response, AWF secured its systems and then launched an investigation into the incident with the assistance of third-party cybersecurity specialists.
On July 3, 2022, American Wholesale Furniture completed its investigation, confirming unauthorized access to certain files containing sensitive consumer information. Next, American Wholesale Furniture began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. Unfortunately, the publicly available information provided by the company does not indicate which data types were leaked as a result of the incident. However, it is likely that one or more of the following were compromised: Social Security numbers, driver’s license numbers, bank or credit card account numbers, or medical records.
On August 5, 2022, American Wholesale Furniture sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About American Wholesale Furniture Company
Founded in Indianapolis, Indiana, in 1986, American Wholesale Furniture Company is a furniture wholesaler that sells a wide range of home furnishings to retail and “rent to own” stores. The company delivers to between 600 to 800 stores per week and also allows dealers to order inventory on the company’s website, www.awfco.com. American Wholesale Furniture employs more than 87 people and generates approximately $16 million in annual revenue.
How Do Hackers Carry Out Data Breaches?
Data breaches are becoming more common in the headlines. One reason for this is that the number of data breaches has increased dramatically over recent years. However, despite the fact that more than 189 million people were affected by a data breach in 2021, many consumers and businesses underestimate the harm these incidents can cause.
The reason hackers and cybercriminals carry our data breaches is to obtain sensitive consumer information they can either use themselves to commit fraud against the victims or sell to a third party. There are a few different ways hackers can orchestrate a data breach.
Most data breaches involve either malware or ransomware attacks. Malware, or malicious software, is a program that is intended to disrupt the normal operations of a company’s computer system. Most malware programs are designed to leak information contained on the company’s network and send that information back to the hackers,
Another way hackers steal consumer information is through a ransomware attack. Ransomware attacks use a specific type of malware that encrypts some or all of the victim’s files, preventing them from accessing their device. When the victim tries to log back into their computer, they are met with a message from the hackers demanding they pay a ransom.
While these two types of cyberattacks differ slightly in how they are carried out, the end result is the same: hackers end up with sensitive consumer information. While hackers can target any type of data, they usually aim for those data types which are most profitable. These include:
Given the importance of this information—and the relative ease with which hackers can use it to steal a victim’s identity or commit other types of fraud—it is essential that data breach victims understand their rights and what they can do to protect themselves in the event of a data breach.
