Cyber Incident Victim: Axel Royal LLC
Date:
Feb 2022
Location:
United States of America
Summary
Axel Royal LLC experienced a cybersecurity incident where an unauthorized party accessed its computer systems during a specific period, copying files containing sensitive consumer data. The compromised information included names, driver's license numbers, state IDs, financial and payment card details, medical and health insurance records, Social Security and passport numbers, biometric data, and online credentials. The manufacturing firm, based in Tulsa and serving industries such as agriculture, automotive, and energy, initiated an investigation with third-party cybersecurity experts upon discovering the breach. Affected individuals were subsequently notified through data breach letters, though the exact discovery timeline of the incident was not disclosed. The breach exposed personal and financial data that could be exploited for identity theft or fraudulent activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Axel Royal LLC, a Tulsa-based manufacturing company specializing in lubricating oil and grease products, publicly disclosed a data breach on August 23, 2022, through its website and filings with state attorney general offices including Montana's. The company reported that an unauthorized party accessed its computer network between February 8, 2022, and March 7, 2022, during which period attackers copied files containing sensitive consumer information. While Axel Royal did not specify the exact date of breach discovery, it stated that upon learning of the incident, it immediately initiated an investigation with assistance from third-party cybersecurity experts. The compromised data included names, driver's license numbers, state identification numbers, financial account details, payment card information, medical records, health insurance information, Social Security numbers, passport numbers, biometric data, and online account credentials. The breach impacted an unspecified number of individuals across industries served by Axel Royal, including agriculture, automotive, construction, oil and natural gas sectors. Following completion of its forensic review to identify affected parties and compromised data types, the company began mailing individualized breach notification letters to victims on August 23, 2022, the same date as its public disclosure.
The breach exposed multiple categories of personally identifiable information and protected health information that could enable various forms of fraud. According to Axel Royal's disclosure, attackers potentially obtained sufficient data to commit identity theft through credit card fraud, loan applications, tax refund interception, and fraudulent utility account creation. The company, which employs 93 people and generates approximately $21 million in annual revenue, did not disclose technical details about the attack vector, network security measures, or total number of affected individuals. Its public statements emphasized the timeframe of unauthorized access (February 8-March 7) and the subsequent investigative process that determined data compromise scope. No information was provided regarding containment measures taken during or after the breach period, nor about potential operational disruptions to manufacturing systems. The breach notifications advised recipients to remain vigilant against financial fraud but did not specify remediation offerings such as credit monitoring services. Axel Royal's disclosure highlighted the risk of Social Security number exploitation particularly for tax fraud and new account creation, though the company did not confirm whether any specific misuse had occurred post-breach.