Artech, LLC Discloses Security Incident Possibly Affecting Security of Personal Information – Unauthorized Actor Had Access to Certain Artech Systems

Artech, LLC (“Artech”) filed a Notice of Data Event with the State of California Department of Justice, Office of the Attorney General, which, among other things, stated that

[o]n January 8, 2020, Artech received a report of unusual activity relating to an employee’s Artech user account. Artech immediately began investigating this report and through that investigation identified ransomware on certain Artech systems. That same day Artech engaged a leading third-party forensic investigation firm to assess the security of its systems and to confirm the nature and scope of the incident. On January 15, 2020, the investigation determined that an unauthorized actor had access to certain Artech systems between January 5, 2020, and January 8, 2020. Artech undertook a comprehensive review of these systems and determined that some personal information was present in them at the time of the incident. Artech reviewed this information and its internal records to identify the individuals associated with this information and their contact information for purposes of providing notice. On or around June 25, 2020, we completed this review and determined that personal information relating to certain individuals was contained in one or more of the involved files. [Emphasis added.]

Artech also disclosed that “[t]he investigation determined that at the time of the incident the involved files may have contained information including name, Social Security number, medical information, health insurance information, financial information, payment card information, driver’s license/state identification number, government issued identification number, passport number, visa number, electronic/digital signature, username and password information.” [Emphasis added.]

According to (“US Staffing Firm Artech Keeps Silent About Data Breach, Leaves Customers at Risk of Fraud for Eight Months”):

BleepingComputer reportedly became aware of the breach on January 11, when the REvil gang advertised 337MB of the stolen data on a website used to shame victims and coerce them into paying a ransom. Artech allegedly ignored the publication’s emails and only recently acknowledged the hack, leaving affected customers vulnerable to fraud and phishing attacks. 

. . .

As noted by, Artech first sent out breach notifications at the beginning of September, despite completing its investigation at the end of June. From early January to early September, Artech knowingly left customers at risk of fraud and ID theft. [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.