John Thomas, Inc. (“JTI”) has recently reported a data breach to the Attorney General of Montana, indicating that sensitive personal identifiable information may have been compromised. The breach was detected after JTI discovered suspicious activity within its email environment, prompting an immediate investigation to assess the nature and extent of the incident. This inquiry revealed that unauthorized actors may have accessed sensitive personal information through employee email accounts during a specified period from February 1, 2024, to April 1, 2024. Although the company has not disclosed the exact types of personal information exposed, it has acknowledged that various categories of sensitive data could have been compromised.
The investigation led JTI to undertake a thorough review of the affected data to identify which individuals may have been impacted by the breach. According to state reporting guidelines, “personal information” can encompass a wide range of sensitive details, including names, Social Security numbers, driver’s license numbers, financial account information, and medical records. The company’s commitment to transparency has driven it to begin mailing data breach notification letters to those individuals who may have been affected by the incident, ensuring they are aware of the potential risks associated with the breach.
In addition to notifying impacted individuals, JTI is providing complimentary identity monitoring services for a period of 12 months. This proactive measure is intended to help affected individuals protect their personal information from potential misuse, offering them a layer of security in light of the breach. JTI is emphasizing its commitment to addressing the situation and mitigating any potential harm that may arise as a result of the unauthorized access to personal data.
Moving forward, JTI is focused on reinforcing its security protocols to prevent similar incidents from occurring in the future. The company recognizes the importance of maintaining the trust of its customers and employees and is dedicated to implementing measures that enhance data protection. As the situation evolves, JTI plans to keep stakeholders informed, reinforcing its commitment to transparency and security in an increasingly challenging cybersecurity landscape.
Reference: