Avery Products Corporation recently alerted customers about a ransomware attack that affected certain systems within the company. The breach, which occurred between July 18 and December 9, 2024, involved malicious software that scraped sensitive customer data from their website, avery.com. Upon discovering the incident on December 9, Avery immediately launched an investigation with the help of forensic experts to understand the full scope of the attack. Their investigation confirmed that the unauthorized actor may have accessed personal information such as names, addresses, phone numbers, payment card details (including CVV numbers and expiration dates), and purchase amounts.
The company emphasized that it does not collect highly sensitive personal data
The company emphasized that it does not collect highly sensitive personal data such as Social Security numbers or government-issued ID numbers, and there was no indication that online account credentials were compromised. Although the breach occurred over a period of several months, Avery initially did not have evidence that the scraped information had been exfiltrated or used maliciously. However, after receiving reports from customers about fraudulent charges and phishing attempts, the company now believes it is possible that payment card information and other data may have been acquired by the attacker.
In response to the incident, Avery is taking several steps to protect customers and prevent future breaches. The company has bolstered its security measures and continues to assess and update its protocols. Additionally, it is working closely with state regulators and Attorneys General to address the breach and ensure proper reporting. As a precautionary measure, Avery is offering affected customers 12 months of free credit monitoring services through Cyberscout, a TransUnion company, to help mitigate any potential harm resulting from the breach.
Avery Products Corporation has expressed its commitment to safeguarding the privacy and security of customer information. While it remains uncertain whether the breached data has been used for fraudulent activities, the company is urging affected individuals to take necessary precautions. Customers have been notified directly, and the company is providing resources and assistance as it continues to monitor and investigate the incident.
Reference:
