Cyber Incident Victim: Columbia Grain International
Date:
Mar 2022
Location:
United States of America
Summary
Columbia Grain International experienced a network intrusion compromising sensitive consumer information, prompting notification to the Montana Attorney General and affected individuals. The breach likely exposed names combined with Social Security numbers, protected health data, government IDs, or financial account details. The company secured its systems and engaged a third-party security firm to investigate the incident. As a global agricultural supplier with extensive farmer networks, the incident impacted personal data linked to its operations, though specific compromised data types were not publicly disclosed in regulatory filings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 21, 2022, Columbia Grain International, LLC experienced a network intrusion that compromised a portion of its computer systems. The company secured its network following the breach and initiated an investigation with a third-party data security firm to assess the scope and determine whether consumer data was exposed. The investigation confirmed unauthorized access to sensitive consumer information, though the specific data types were not publicly disclosed by Columbia Grain or in the Montana Attorney General’s breach report. Based on Montana’s breach notification requirements, the compromised data likely included affected individuals’ first and last names combined with one or more of the following: Social Security numbers, protected health information, government identification numbers, or financial account details. Columbia Grain did not publish a breach notice on its corporate website but fulfilled its legal obligation by reporting the incident to the Montana Attorney General’s office on November 23, 2022.
The company dispatched individual data breach notification letters to affected consumers on November 23, 2022, seven months after the initial intrusion. These letters outlined the incident and provided guidance on mitigating identity theft and fraud risks. Columbia Grain, a global agricultural supplier founded in 1978 with over 8,000 farmers in its supply network, employs 191 people and generates approximately $99 million in annual revenue. The breach exposed vulnerabilities in the company’s network security, though no operational disruptions or system downtime were reported. The incident’s impact centered on consumer data compromise, with no disclosed evidence of data misuse or further attacker actions beyond the initial intrusion. Columbia Grain’s response adhered to regulatory timelines for notification but did not include public disclosure of technical details regarding the attack vector, containment measures, or forensic findings from the third-party investigation.