On May 23, 2024, Malouf Companies notified the Vermont Attorney General about a data breach that occurred when an unauthorized party accessed its computer network. This breach was first detected on February 7, 2024, when Malouf noticed that parts of its computer system were encrypted and inaccessible. An immediate investigation was launched, revealing that the unauthorized access had been ongoing from September 18, 2023, to February 8, 2024. The breach involved the unauthorized party accessing confidential consumer information.
Malouf Companies took swift action to secure its systems and assess the extent of the damage. By May 1, 2024, the company had completed its review of the compromised files to determine the specific data that was leaked and identify the affected consumers. Subsequently, on May 23, 2024, Malouf began sending out personalized data breach notification letters to all individuals whose information was compromised. These letters provided details about the specific information that was exposed and offered guidance on how to protect against potential fraud and identity theft.
Malouf Companies, founded in 2003 and based in Logan, Utah, is a vertically integrated manufacturing firm that owns several brands, including LinenSpa, Lucid, Malouf Home, Brookside, Mobix, and Cirina. The company employs over 1,700 people and generates approximately $358 million in annual revenue. Given its significant market presence and the sensitivity of the information involved, addressing this breach promptly and effectively is crucial to maintaining consumer trust and security.
For those affected by the data breach, it is essential to understand the risks and take appropriate measures to protect personal information. Engaging with a data breach lawyer can provide valuable insights into preventing fraud and identity theft, as well as exploring legal options following the incident. Malouf Companies’ prompt notification and detailed response efforts underscore the importance of transparency and proactive measures in managing data security incidents.
