Altman Plants notifies thousands about data breach that compromised SSNs, credit cards, passwords, and more

Altman Specialty Plants this week confirmed it notified thousands of people about a September 11, 2023 data breach that compromised the following personal info:

  • Social Security number
  • Financial account info
  • Payment card info
  • Driver’s license number
  • Date of birth
  • Passport number
  • Employer ID number
  • Health insurance info
  • Medical info
  • Username
  • Password

Ransomware group LockBit claimed responsibility for the attack and demanded Altman Plants pay a ransom by September 28, 2023.

Altman Plants has not verified LockBit’s claim. The California horticultural grower did not specify whether the data belonged to employees, customers, or both. According to state attorneys general, Altman Plants notified 6,924 victims in Texas, plus a handful of residents from other states.

We do not yet know the exact number of people notified, whether Altman paid a ransom, how much LockBit demanded, how attackers breached Altman’s network, or why it took more than a year to notify victims. Comparitech contacted Altman Specialty Plants for comment and will update this article if it responds.

Eligible victims can take advantage of free credit monitoring and ID theft restoration services offered by Altman through a third-party.

Who is LockBit?

LockBit is one of the most prolific ransomware gangs of recent years and is responsible for hundreds, if not thousands, of attacks. The group is based in Russia. LockBit often employs a double-extortion model in which it demands one ransom to decrypt systems and a second ransom to delete any stolen data.

Comparitech researchers logged 66 confirmed ransomware attacks claimed by LockBit in 2024 so far, affecting more than 8 million records. It was responsible for another recent attack on David’s Bridal that compromised more than 4,000 records. The group claimed responsibility for another 421 attacks that haven’t been acknowledged by targets.

Ransomware attacks on US retail

In addition to data theft, ransomware attacks on retail companies can disrupt day-to-day operations such as placing orders, sending emails, making phone calls, billing, and payroll. Targets are coerced into paying a ransom for keys to restore affected systems, and/or for not selling or publishing stolen data.

In 2024 so far, Comparitech tracked 13 confirmed ransomware attacks on US retail companies, affecting 223,472 records. Another 74 attacks were claimed by ransomware gangs but not acknowledged by targets.

We recorded 30 such attacks in 2023, affecting 35.7 million records. Most of those records–35.5 million—were compromised in an attack on VF Corporation.

About Altman Specialty Plants

Altman Specialty Plants is the largest horticultural grower in the United States, according to its website. The California company supplies major retailers like Lowe’s, Home Depot, and Walmart with plants for retail sale under brands like Oasis, Smart Planet, and Element. It also sells plants wholesale and directly to consumers. According to its LinkedIn profile, the company has more than 1,000 employees.


Source link
Exit mobile version