Cyber Incident Victim: Renewal by Andersen

Renewal by Andersen, a window-replacement subsidiary of Andersen Corporation, experienced a prolonged data security incident involving unauthorized access to its IT network. The breach timeline spanned approximately five years, from January 2018 through January 19, 2023, with specific unauthorized access occurring earlier in January 2023. The company first detected suspicious activity on January 19, 2023, prompting an immediate investigation with assistance from external cybersecurity experts. Forensic analysis confirmed that intruders accessed files containing sensitive consumer information, including full names, physical addresses, Social Security numbers, bank account and routing numbers, driver's license numbers, and credit card details. The compromised data review concluded on April 17, 2023, revealing that personal information of 13,464 individuals had been exposed.

In response to the breach confirmation, Renewal by Andersen initiated formal notification procedures on May 12, 2023, by filing with Maine's Office of the Attorney General and dispatching individual breach notices to affected consumers. The company's investigation did not publicly disclose the specific intrusion methods, affected internal systems, or whether data was exfiltrated versus merely accessed. No ransomware deployment or financial demands were mentioned in available reports. As a Minnesota-based enterprise with approximately 13,000 employees and $3 billion annual revenue, Andersen Corporation's subsidiary maintained standard breach response protocols including forensic review, data inventory analysis, and regulatory compliance measures. The incident exposed multiple high-risk data categories capable of facilitating identity theft and financial fraud against impacted consumers.