• 5
  • Hospitals
  • 5
  • GA
  • 5
  • Employee Group Insurance Benefits Plan of Acuity Brands, Inc.

Employee Group Insurance Benefits Plan of Acuity Brands, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Acuity Brands, Inc., a lighting and building management solutions company based in Atlanta, Georgia, experienced two significant data breaches that affected the personal information of over 37,000 current and former employees. The first breach occurred on December 7 and 8, 2021, when an unauthorized party accessed and copied a subset of files from the company’s network. The second, unrelated breach took place on October 6 and 7, 2020, and also involved an attempt to copy files from the company’s systems.

The compromised information from the December 2021 incident may have included names, Social Security numbers, driver’s license numbers, financial account information, and enrollment and claims information related to employees’ participation in Acuity’s health plan. Additionally, limited health information related to other aspects of employment, such as injury information related to workers’ compensation claims or requests for leave under the Family and Medical Leave Act, may have been included

The October 2020 incident involved similar types of information, but there was no information related to Acuity’s health plan involved in this breach

Acuity Brands has since taken steps to secure its systems and has engaged a third-party cybersecurity firm to conduct a thorough investigation

The company has also mailed letters to the affected individuals and offered credit monitoring services to eligible individuals

There is evidence suggesting that the 2021 attack may have been carried out by the notorious Conti ransomware group, although Acuity Brands’ data security incident notice does not mention ransomware

Acuity Brands may be facing legal action as a result of these security incidents, with a class action lawsuit filed in a Georgia federal court alleging negligence and violations of contract and privacy laws

Breach Submission Date Dec 06, 2022
Converted Entity Name Employee Group Insurance Benefits Plan of Acuity Brands, Inc.
Converted Entity Type Health Plan
State GA
Individuals Affected 20,849
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes