Data Breach Alert: Bridgestone Americas, Inc. | Console and Associates, PC

Recently, Bridgestone Americas, Inc. (“Bridgestone”) was the target of a ransomware attack that may have compromised the sensitive information of an unknown number of consumers or employees. If at any time you receive a data breach notification, it is essential that you understand what is at risk.

Last year, 1,862 data breaches affected more than 189 million people. On average, victims of identity theft spend 200 hours and over $1,300 trying to find their identity. Many victims also suffer emotional distress, credit damage, and some even end up with criminal records. Taking immediate action is the best way to prevent the worst consequences of a data breach. If Bridgestone informs you that your data has been exfiltrated by a ransomware gang and it appears that Bridgestone did not properly protect your sensitive information, you may be entitled to financial compensation through a data breach lawsuit.

What we know so far about the Bridgestone data breach

According to a statement released by the company, on February 28, 2022, Bridgestone became aware for the first time of a computer incident impacting some of its computer systems. In response, Bridgestone enlisted the help of external cybersecurity advisors to review the situation. It was quickly determined that the computer incident involved a ransomware attack.

Initially, it was unclear who had led the attack. However, BleepingComputer.com reports that, on March 11, 2022, the LockBit ransomware gang claimed responsibility, naming Bridgestone Americas, Inc. among its list of victims. The LockBit ransomware gang has threatened to release the obtained data online, presumably if Bridgestone does not respond to the ransom demand.

Given the recentness of the ransomware attack, it has not yet been determined what, if any, consumer information was compromised as a result of the incident.

Bridgestone Americas, Inc. is the American division of Bridgestone Corporation, a Japanese tire company. Bridgestone Corp. was founded in 1931 in Kurume, Fukuoka Prefecture, Japan. The company manufactures and sells tires in more than 150 countries and employs more than 138,000 people. In 1988, Bridgestone acquired the American tire manufacturer Firestone Tire and Rubber Company. Bridgestone currently manufactures tires under the following brands, Bridgestone, Firestone, Primewell and Fuzion.

Learn more about the causes and risks of data breaches

Often, data breaches result from a hacker gaining unauthorized access to a company’s computer systems in an attempt to obtain sensitive consumer information. This can be done through covert hacking or, as seems to be the case here, through a ransomware attack. Although no one can know why the LockBit ransomware gang targeted Bridgestone, it is common for hackers and other criminals to identify companies suspected of having weak data security systems or vulnerabilities in their networks.

Although the fact that your information has been compromised in a data breach does not necessarily mean that it will be used for criminal purposes, being the victim of a data breach puts your sensitive data in the hands of someone unauthorized. Therefore, you are at increased risk of identity theft and other fraud, and criminal use of your information is a possibility that should not be ignored.

Given this reality, individuals who may receive a Bridgestone data breach notification should take the situation seriously and remain vigilant by checking for any signs of unauthorized activity. Companies like Bridgestone are responsible for protecting consumer data in their possession.

What recourse do consumers have following the Bridgestone Ransomware attack?

Notably, Bridgestone has yet to confirm whether any consumer data was compromised as a result of the recent ransomware attack. However, it seems that the LockBit ransomware gang was able to obtain some information from the company’s servers.

Of course, given the recentness of Bridgestone’s data breach, the investigation into the incident is still in its early stages. And, at this time, there is no evidence yet to suggest that Bridgestone is legally liable for the breach. However, that may change as more information about the breach and its causes comes to light.

What should you do if you receive a Bridgestone data breach notification?

If Bridgestone determines that consumer information was compromised in the ransomware attack, it will likely send data breach notifications to affected parties. If you receive a data breach notification letter from Bridgestone at some point in the future, you should take the following steps:

  1. Identify compromised information: The first thing to do after becoming aware of a data breach is to carefully review the data breach letter sent. The letter will tell you what information about you was accessible to the unauthorized party. Be sure to make a copy of the letter and keep it for your records. If you’re having trouble understanding the letter or what steps you can take to protect yourself, a data breach attorney can help.

  2. Limit future access to your accounts: Once you’ve determined what information about you was affected by the breach, the safest game is to assume that the hacker who orchestrated the attack stole your data. Although this is not the case, prevention is better than cure. To prevent future access to your accounts, you must change all passwords and security questions for any online account. This includes online banking accounts, credit card accounts, online shopping accounts, and any other accounts that contain your personal information. You should also consider changing your social media account passwords and setting up multi-factor authentication where available.

  3. Protect your credit and financial accounts: After a data breach, companies often provide affected parties with free credit monitoring services. Signing up for free credit monitoring offers important protections and does not affect any of your rights to bring a data breach lawsuit against the company if it is found to be legally responsible for the violation. You should contact a credit bureau to request a copy of your credit file, even if you notice no signs of fraud or unauthorized activity. Adding a fraud alert to your account will provide you with additional protection.

  4. Consider implementing a credit freeze: A credit freeze prevents anyone from accessing your credit file. Credit freezes are free and remain in effect until you remove them. Once a credit freeze is in place, you can temporarily lift it if you need to apply for any type of credit. While freezing credit on your accounts may seem like overkill, given the risks involved, it’s warranted. According to the Identity Theft Resource Center (“ITRC”), freezing credit on your account is “the most effective way to prevent a new credit/financial account from being opened.” However, only 3% of data breach victims freeze their accounts.

  5. Monitor your credit report and financial accounts regularly: Protecting yourself following a data breach requires continuous effort on your part. You should regularly check your credit report and all financial account statements for any signs of unauthorized activity or fraud. You should also call your banks and credit card companies to report that your information has been compromised in a data breach.

Below is a statement made by Bridgestone Americas, Inc. regarding the recent ransomware attack, as reported by BleepingComputer.com:

On February 27, 2022, Bridgestone Americas detected a computer security incident. Since then, we have proactively notified federal law enforcement and remain in communication with them. We are also working around the clock with external security advisors, Accenture Security, to investigate and understand the full scope and nature of the incident. We have determined that this incident was the result of a ransomware attack. We have no evidence that it was a targeted attack. Unfortunately, ransomware attacks similar to this one are increasingly sophisticated and affect thousands of organizations of all sizes.

As part of our investigation, we learned that the threat actor followed a pattern of behavior common to attacks of this type by deleting information from a limited number of Bridgestone systems and threatening to make that information public.

We are committed to conducting a prompt and decisive investigation to determine as soon as possible what specific data has been extracted from our environment. Bridgestone places the utmost importance on the security of the information of its teammates, customers and partners. We will continue to communicate with them often, working together to mitigate the potential damage from these types of incidents and to further improve our cybersecurity measures, as recommended by our internal and external security advisors.

Comments are closed.