Recently, mall retailer Spencer Gifts, LLC, announced a data breach resulting from what the company explained was a “data security incident.” According to a press release from Spencer Gifts, on November 25, 2021, the company detected a security incident that impacted the availability and functionality of the corporate network. During a subsequent investigation, Spencer Gifts learned that an unauthorized party gained access to the company’s network during the two-day period between November 24 and November 26, 2021. The part of the network accessible to the unauthorized party contained data related to the company’s employee health plan. As a result of the breach, the names, Social Security numbers, health plan information, and financial account information used for direct deposits of more than 10,000 people were compromised.
Data breaches like this can happen in a number of different ways. Often, they are the result of a hacker breaking into an organization’s network systems in an effort to gain access to sensitive consumer information. While it’s unclear why Spencer Gifts was the target of this recent cyberattack, cybercriminals frequently target companies that have vulnerabilities in their data security technology.
Once a hacker gains access to a company’s computer networks, they can often delete any information contained on the networks. However, companies may not know which parties’ information was accessed or whether the hacker retained some of their data. All a company can tell consumers is that their information was accessible. Either way, those whose information is compromised in a data breach are much more likely to become victims of identity theft or other serious crimes. Given these risks, it is important for anyone who has received a data breach letter from Spencer Gifts, LLC to protect themselves against the risk of identity theft.
Those who have received a data breach letter from Spencer Gifts, LLC should be aware of the risks and take the necessary measures to limit the ability of others to assume their identity. Although someone’s information being compromised does not necessarily mean that the unauthorized party will use it for criminal purposes, it is quite common. This is particularly the case in recent years. In fact, since the start of the COVID-19 pandemic, the rate of identity theft has increased dramatically. In many situations, criminal actors obtain the data they need to commit these crimes through a data breach like this.
Companies like Spencer Gifts, LLC have a duty to protect consumer data. If evidence emerges that Spencer Gifts mishandled your sensitive information leading to the breach, you may be entitled to financial compensation through a data breach lawsuit.
Are consumers affected by the Spencer Gifts data breach entitled to financial compensation?
As a current or former employee of Spencer Gifts, you have provided the company with your personal information and have trusted them to keep your information secure. Anyone in your position would certainly assume that the company would take every precaution to prevent unauthorized parties from gaining access to sensitive employee data. However, news of this data breach raises very real questions about the adequacy of the company’s data security measures.
All employers have an ethical and legal obligation to ensure that sensitive employee information is kept private. And while developing and maintaining an effective data security system can be a burden, it is also a necessary cost of doing business in an environment where the threat of cyberattacks is ever-present.
US data breach laws allow employees to sue their employers for the misuse or careless handling of their data. However, these laws are complex and the news of this data breach is very recent. Thus, at present, there is still no evidence to show that Spencer Gifts bears responsibility for the cyberattack. However, this may change, as our data breach lawyers are investigating the breach to determine what legal remedies Spencer Gifts, LLC employees may have against the company.
If you have any questions about your ability to bring a data breach class action lawsuit against Spencer Gifts, LLC, you should contact a data breach attorney as soon as possible.
What to do if you received a data breach notification from Spencer Gifts, LLC
If Spencer Gifts sent you a data breach letter, you were among those whose personal data was accessible during the recent data breach. This means that a complete stranger, most likely a criminal, may have accessed, viewed and stored your sensitive personal information. Although no one can know why a hacker would want your information or what they might do with it, criminal intent cannot be ruled out. Given this reality, it is essential that you remain vigilant to protect yourself from the increased risk of identity theft by taking the following measures:
- Carefully read the data breach letter sent by Spencer Gifts, LLC to determine what information was accessible;
- Make a copy of the letter for your records;
- Sign up for the free credit monitoring service provided by Spencer Gifts, LLC;
- Change all your online passwords and security questions;
- Enable two-factor or multi-factor authentication, where available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that could be a sign of identity theft;
- Contact one of the major credit bureaus to ask them to add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About Spencer Gifts, LLC
Founded in Easton, Pennsylvania in 1947, Spencer Gifts, LLC is a mall retailer with over 650 stores across the United States. Spencer Gifts sells a range of novelty and gag gifts, as well as clothing, home decor, collectible figurines and jewelry. Spencer Gifts’ target demographic is young adults ages 18-24. Spencer Gifts, LLC also owns the Spirit Halloween pop-up store, which sells costumes, decorations, and other seasonal items.
Spencer Gifts, LLC Consumer Data Breach Details
According to the latest data breach letter issued by Spencer Gifts, LLC, on November 25, 2021, the company noticed issues with the “availability and functionality” of its computer network. Although Spencer Gifts did not specify the nature or cause of the cyberattack, the company revealed that during a subsequent investigation, it discovered that an unauthorized party gained access to the company’s network between November 24 and 26, 2021. The compromised files were later determined to contain data related to the company’s employee health plan, including full names, social security numbers, health plan information and financial account information for 10,024 people who are or have been employed by Spencer Gifts.
Around January 24, 2021, Spencer Gifts, LLC began sending written notice of the breach to all affected parties, outlining what happened and telling employees what they could do to protect themselves. Although Spencer Gifts is unaware that any of the compromised data was used by the unauthorized party, the company encouraged those who received a data breach letter to watch for signs of identity theft and fraud by closely monitoring their online accounts and credit reports.
Below is a copy of the initial data breach letter issued by Spencer Gifts, LLC (a sample copy of the actual notice sent to consumers can be found here):
Spencer Gifts LLC recognizes the importance of protecting the personal information we maintain. We are writing to inform you of a data security incident involving certain of your information. This notice explains the incident, the actions we have taken, and some additional actions you may consider taking in response.
On November 25, 2021, we detected a security incident that impacted the availability and functionality of our corporate network. Upon learning of the incident, we immediately took action to contain the incident, notified law enforcement, and initiated an investigation. During our investigation, we have determined that an unauthorized actor gained access to our network between November 24, 2021 and November 26, 2021 and may have accessed certain files contained on our servers. We reviewed these files and identified documents related to payroll and enrollment in our employee health plan, which contain your name, social security number, health plan selection, and financial account number used for direct deposit.
We deeply regret any inconvenience or concern this incident may cause you, and we want you to know that we take this matter very seriously. As a precaution, we’ve arranged for you to receive a free one-year membership to Experian® IdentityWorks℠. This product helps detect possible misuse of your information and provides you with identity protection support focused on immediate identification and resolution of identity theft. IdentityWorks is free and signing up for this program will not affect your credit score. For instructions on how to activate your free one-year subscription and the steps you can take to protect your information, please see the pages that follow this letter.
To help prevent a similar occurrence in the future, we continue to review and improve our existing security protocols and practices, including the implementation of additional electronic security features. If you have any questions about the incident, please call 1-???-???-????, Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time (excluding certain United States holidays). For assistance enrolling in the free credit monitoring program, please contact Experian’s customer service team at 1-877-890-9332.