Cyber Incident Victim: Sewell Family of Companies

On or around August 1, 2020, the Sewell Family of Companies (SFC) detected an unauthorized attempt to access its network. The organization responded by immediately shutting down its network to prevent further unauthorized activity. SFC initiated an internal investigation, notified the Federal Bureau of Investigation, and engaged computer forensic specialists to assist in determining the scope and impact of the incident. The investigation concluded that while there was no evidence of misuse of any information stored on the network, personal information belonging to a subset of individuals associated with SFC could have been exposed to unauthorized parties. The organization did not disclose the specific types of data potentially compromised or the exact number of affected individuals, though it characterized the impacted group as a "small number" relative to its total customer and employee base.

SFC completed its investigation by March 17, 2021, stating this was the earliest date it could confirm facts and establish protective resources. On that date, the organization mailed notification letters to potentially affected individuals, including customers, employees, and others who had conducted business with SFC. The letters offered at least 12 months of credit monitoring services and included instructions for contacting a dedicated call center established at (833) 416-0855. SFC emphasized that the vast majority of its community was unaffected and reiterated no evidence of fraud stemming from the incident. Concurrently, the organization implemented containment and remediation measures to strengthen network security, expressing confidence in its improved security posture following the event.