Cyber Incident Victim: Klaussner Furniture Industries
Date: Feb 2019
Location: United States of America
Summary
Klaussner Furniture Industries experienced a data security incident involving unauthorized access to two company computers containing sensitive personal information of current and former employees and their dependents. The compromised data included names, addresses, Social Security numbers, financial account details, dates of birth, health information, and benefit elections primarily from individuals associated with the organization between 2004 and early 2019, with limited 1998 records affected. While forensic investigation found no evidence of data access or theft, the company notified over 9,000 potentially impacted individuals and offered complimentary identity protection services. Security enhancements were implemented, including system rebuilding and additional protective measures, though no fraud or identity theft stemming from the incident had been identified at the time of reporting.
Description
Klaussner Furniture Industries, Inc., based in Asheboro, North Carolina, discovered a data security incident in February 2019 that potentially compromised personal information of current and former employees and their dependents. Upon identifying the incident, the company initiated an internal investigation, retained a leading forensic firm, and notified law enforcement authorities. The subsequent forensic investigation revealed that an unauthorized third party had gained access to two computers within Klaussner's network. These systems contained sensitive personal data, though investigators found no evidence confirming that any information was actually accessed or exfiltrated. The compromised computers stored information spanning multiple periods, including data from 1998 and continuous records from 2004 through February 25, 2019.

The affected data included first and last names, addresses, Social Security numbers, financial account information, dates of birth, health-related details, and health benefit election records. This information pertained to employees from the specified periods and their dependents listed on health benefit election forms. Klaussner notified over 9,000 potentially impacted individuals on April 5, 2019, despite the absence of confirmed data misuse or identity theft incidents. As a precautionary measure, the company offered complimentary identity protection services for one year through a third-party provider. Klaussner established a dedicated call center to address inquiries and facilitate enrollment in these services. In response to the breach, the company implemented enhanced security protocols, including rebuilding affected systems, deploying additional security controls, and evaluating further infrastructure improvements to prevent recurrence. The notification emphasized Klaussner's regret over the incident and its commitment to strengthening data protection measures.
