Employee Group Insurance Benefits Plan of Acuity Brands, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Acuity Brands, Inc., a lighting and building management solutions company based in Atlanta, Georgia, experienced two significant data breaches that affected the personal information of over 37,000 current and former employees. The first breach occurred on December 7 and 8, 2021, when an unauthorized party accessed and copied a subset of files from the company’s network. The second, unrelated breach took place on October 6 and 7, 2020, and also involved an attempt to copy files from the company’s systems.
The compromised information from the December 2021 incident may have included names, Social Security numbers, driver’s license numbers, financial account information, and enrollment and claims information related to employees’ participation in Acuity’s health plan. Additionally, limited health information related to other aspects of employment, such as injury information related to workers’ compensation claims or requests for leave under the Family and Medical Leave Act, may have been included
The October 2020 incident involved similar types of information, but there was no information related to Acuity’s health plan involved in this breach
Acuity Brands has since taken steps to secure its systems and has engaged a third-party cybersecurity firm to conduct a thorough investigation
The company has also mailed letters to the affected individuals and offered credit monitoring services to eligible individuals
There is evidence suggesting that the 2021 attack may have been carried out by the notorious Conti ransomware group, although Acuity Brands’ data security incident notice does not mention ransomware
Acuity Brands may be facing legal action as a result of these security incidents, with a class action lawsuit filed in a Georgia federal court alleging negligence and violations of contract and privacy laws