Recently, Weller Truck Parts confirmed that the company experienced a data breach after discovering that it was the victim of a malware attack. According to Weller, the breach resulted in the names and Social Security numbers of 6,675 individuals being compromised. On June 10, 2022, Weller filed official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Weller Truck Parts data breach, please see our recent piece on the topic here.
What We Know About the Weller Truck Parts Data Breach
According to official notice filed by the company, on October 7, 2021, Weller first learned of a malware incident when employees noticed that certain systems were not functioning properly. In response, the company secured its systems and then began a comprehensive investigation into the incident. This investigation confirmed that certain information was accessible and may have been copied between October 1, 2021 to October 7, 2021.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Weller Truck Parts then reviewed the affected files to determine exactly what information was compromised. Weller completed this review on May 23, 2022. While the breached information varies depending on the individual, it may include your name and Social Security number. The Weller data breach is reported to have impacted 6,675 individuals.
On June 10, 2022, Weller Truck Parts sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Weller Truck Parts
Founded in 1932, Weller Truck Parts is a truck part retailer based in Grand Rapids, Michigan. The company sells a wide range of truck systems, including automatic transmissions, automated manual transmissions (AMT), differentials, manual transmissions, hydraulic pumps, steering gears, and pumps. Weller has more than 35 locations across the United States, including those in Utah, California, Texas, Florida, Indiana, Ohio, Michigan and Washington. Weller Truck Parts employs more than 800 people and generates approximately $150 million in annual revenue.
Are Businesses Required to Report a Data Breach?
As a general rule, yes, businesses that experience a data breach must report that breach to all states where any affected parties lie. Additionally, some data breaches must also be reported to the federal government. Every state, as well as the District of Columbia, has data breach laws on the books requiring a company to provide victims of a breach with notice of the event. However, every state’s laws are different in terms of which breaches must be reported, when they must be reported, and what information must be contained in the data breach notification letter. The result is that, although data breach letters can serve as critical informational tools for victims, they vary widely in terms of actual usefulness.
Adding to the confusion is the fact that, currently, there is no federal law requiring companies to report a data breach. Thus, whether a company needs to report a data security incident depends on where the company is based and where the victims of the breach live.
While every state’s data breach laws vary, most require an organization to report a breach that exposes any “personally identifiable information.” However, because each state has its own laws on the topic, the definition of “personally identifiable information” varies between states as well. Again, this creates a situation where a company may need to report a data security incident in some states but not others.
The idea behind requiring companies to provide notice of a data breach to affected parties is that it gives victims the chance to reduce the risk of harm that often follows in the wake of a data breach. In most cases, this includes identity theft and other frauds.
However, data breach notification laws are also important because they encourage companies to take consumer privacy laws seriously. For example, a company that knows it will need to report a breach may be more likely to do everything possible to prevent one from happening. If you were impacted by a recent data breach and want to learn more about your rights and potential remedies, reach out to a data breach lawyer for assistance.