Recently, Brown Brothers Harriman & Co. (“BBH”) suffered a data breach after an unauthorized party gained access to sensitive consumer information provided to BBH through a cyberattack on the one of the company’s suppliers. According to the BBH, the breach resulted in the compromise of names, mailing addresses, social security numbers and account numbers. On May 11, 2022, BBH filed a formal notice of breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what your legal options are following the Brown Brothers Harriman data breach, please see our recent article on the subject. here.
What we know about the Brown Brothers Harriman data breach
According to an official notice filed by the company, in December 2021, BBBH was notified by one of its third-party vendors, RR Donnelley & Sons Company (“RRD”), that the company had been the target of a cyberattack. Thanks to independent sources, it has been confirmed to be a ransomware attack.
Initially, RRD informed BBH that the breach only affected RRD’s systems and that no BBH data was involved. However, in March 2022, RRD contacted BBH to tell the company that during the cyberattack, the unauthorized party extracted the BBH files from RRD’s system.
After discovering that sensitive consumer data was accessible to an unauthorized party, Brown Brothers Harriman then reviewed the affected files to determine exactly what information had been compromised. Although the information breached varies depending on the individual, it can include your name, mailing address, social security number, and account number. The Brown Brothers Harriman data breach is thought to have affected up to 2,800 people.
On May 11, 2022, Brown Brothers Harriman sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
More information about Brown Brothers Harriman & Co.
Brown Brothers Harriman & Co. is a privately held, managed financial services company based in Boston, Massachusetts. BBH works with investors, corporates, insurance companies, asset managers and institutional investors, providing private banking, investment management and investment services to individuals and organizations. Brown Brothers Harriman employs more than 6,000 people and generates approximately $1 billion in annual revenue.
Liability following a data breach
Under US data breach laws, companies may be financially liable to consumers whose information is disclosed as a result of a data breach. However, the mere fact that a breach has occurred is not sufficient to engage the liability of a company; there must be evidence that the company was negligent and that the negligence led to the breach.
Taking the example of the BBH breach, there are two potentially liable parties. First, RR Donnelley & Sons, the target of the breach that led to the information leak, may have been negligent in safeguarding the data entrusted to the company. For example, this could be because the company did not have an effective data security system in place, it mishandled a ransomware attack, or a company employee provided the access to an unauthorized party.
The other party potentially responsible for a breach like this is BBH. Admittedly, BBH appears to be a victim of the breach of the RRD. However, at the same time, BBH has a duty to its customers to ensure that third-party providers to whom it entrusts customer data have data security systems in place to protect that information.
Of course, it’s too early to tell if any of these companies are responsible for the breach. Those who wish to learn more about what steps to take following a data breach to protect themselves should contact an experienced data breach law firm as soon as possible.