Cyber Incident Victim: Morrison Products Inc
Date:
Feb 2021
Location:
United States of America
Summary
Morrison Products Inc. experienced a data breach where unauthorized access to its computer systems compromised sensitive employee information, including names, addresses, and Social Security numbers. The incident was initially detected through unusual network activity, prompting immediate security measures and a third-party investigation that later confirmed the breach. Affected individuals received notification letters detailing the exposure of their personal data and guidance on mitigating potential identity theft risks. The breach impacted employees across multiple company facilities, though specific numbers were not disclosed in regulatory filings.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 25, 2021, Morrison Products Inc.'s IT department detected unusual activity within the company’s computer systems, prompting immediate network security measures and the initiation of an internal investigation assisted by third-party data security experts. The investigation, which concluded nearly a year later on February 10, 2022, confirmed that an unauthorized party had accessed the company’s systems and obtained files containing sensitive employee information. Morrison Products subsequently reviewed the compromised files to identify the scope of impacted individuals and the specific data exposed, determining that affected records included employees’ names, addresses, and Social Security numbers. The breach notification process began on November 1, 2022, when the company reported the incident to the Attorneys General of Texas and Montana and dispatched individualized data breach letters to all affected employees. These letters detailed the nature of the compromised information and provided guidance on mitigating risks of identity theft and fraud stemming from the incident.
The breach impacted an undisclosed number of employees across Morrison Products’ operations in Ohio, Indiana, Georgia, Texas, and its facilities in Apodaca, Juarez, and Santa Catarina, Mexico, though the company did not disclose the exact intrusion methods or whether customer data was affected. Founded in 1923 and headquartered in Cleveland, Ohio, Morrison Products manufactures stamped metal components, automotive parts, and air-moving equipment, employing over 460 personnel with annual revenues of approximately $127 million at the time of the breach. The company’s response included securing its network upon detecting the anomaly, collaborating with external cybersecurity specialists for forensic analysis, and completing a 10-month investigation to verify data exposure before notifying regulators and victims. No ransomware payments, data misuse evidence, or operational disruptions were cited in regulatory filings. The compromised Social Security numbers and residential addresses exposed affected employees to potential financial fraud, necessitating credit monitoring and identity protection measures as referenced in the breach notifications.