Cyber Incident Victim: J.J. Keller
Date: May 2021
Location: United States of America
Summary
A phishing attack compromised a vendor employee's email account, leading to an eight-second breach exposing sensitive personal information of 123 employees at a large propane distributor. The accessed data included Social Security numbers, driver's license details, and birth dates, though no misuse was detected. The vendor, providing Department of Transportation compliance services, promptly investigated and notified the affected company, which offered credit monitoring to impacted individuals. This incident followed another unrelated security issue involving unauthorized access to customer payment information by a terminated employee, highlighting ongoing cybersecurity challenges in the energy sector.
Description
On May 10, 2021, J.J. Keller, a vendor providing Department of Transportation compliance services to AmeriGas, detected suspicious activity associated with a company email account. The vendor initiated an immediate investigation, determining that a J.J. Keller employee had fallen victim to a phishing email, resulting in the compromise of their account credentials. During an eight-second window of access, the threat actor(s) could view files within the compromised account before J.J. Keller reset the credentials. Forensic analysis confirmed the attacker accessed an internal email containing spreadsheet attachments with personal information of 123 AmeriGas employees, including Lab IDs, Social Security numbers, driver's license numbers, and dates of birth. J.J. Keller completed its investigation by May 21 and formally notified AmeriGas of the breach scope.

AmeriGas disclosed the incident to the New Hampshire Attorney General's Office in June 2021, confirming only one New Hampshire resident was affected. The company issued breach notification letters on June 4, offering free credit monitoring to impacted individuals while stating no evidence existed of data misuse or copying. This marked AmeriGas' second security incident in 2021, following a March disclosure involving a terminated customer service agent who potentially misused verbally provided credit card information during service calls. In that prior case, AmeriGas implemented additional safeguards post-incident but could not confirm whether specific customers' data was exploited. The J.J. Keller breach originated entirely within the vendor's systems, with no indication of AmeriGas network compromise. Both incidents highlighted operational risks affecting employee and customer data across different service channels.
