Cyber Incident Victim: The Scoular Company
Date:
Oct 2022
Location:
United States of America
Summary
The Scoular Company confirmed a data breach stemming from unauthorized access to its network, compromising sensitive consumer information including names, dates of birth, Social Security numbers, driver’s license details, financial account and credit card data, medical records, and health insurance information. Following third-party notification of the intrusion, the company terminated unauthorized access, engaged law enforcement, and initiated an investigation with external cybersecurity experts to assess the scope. Affected individuals were subsequently notified of the incident, which exposed personal data linked to the logistics firm’s supply chain management operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Scoular Company, a Nebraska-based logistics and supply chain management firm, confirmed a data breach in its October 10, 2022 filing with the Montana Attorney General’s Office. The incident began when a third party alerted Scoular in January 2022 about unauthorized access to its secure computer network. Upon notification, the company immediately terminated all unauthorized access points, engaged law enforcement authorities, and initiated a forensic investigation with assistance from an external cybersecurity firm. The investigation verified that an intruder had infiltrated Scoular’s network and accessed files containing sensitive consumer information. Analysis of compromised records revealed exposure of personally identifiable information and protected health data, including full names, dates of birth, Social Security numbers, driver’s license numbers, passport details, government identification numbers, credit card information, financial account numbers, medical records, and health insurance information. Scoular completed its review of affected files in October 2022, determining the specific data elements compromised for each impacted individual. The company subsequently mailed breach notification letters to all affected parties on October 10, 2022, marking 284 days between breach discovery and consumer notification.
The breach exposed highly sensitive categories of personal data that significantly increase risks of identity theft and financial fraud for affected individuals. Scoular’s investigation did not publicly disclose the number of impacted consumers, attack vector, duration of network access, or whether data was exfiltrated versus merely accessed. Founded in 1892, the privately-held company specializes in grain transportation and storage solutions for agricultural producers, feed manufacturers, food processors, and renewable energy clients. With over 1,000 employees and $326 million in annual revenue, Scoular’s breach impacted multiple data types across government, financial, and medical domains. The company’s response included network containment measures, law enforcement coordination, and third-party forensic analysis, but did not disclose whether ransomware was involved or if attackers demanded payment. Montana’s data breach notification laws required the Attorney General filing due to the inclusion of state residents among affected parties. No additional technical details about system vulnerabilities, malware variants, or attacker infrastructure were released publicly.