Cyber Incident Victim: Pirelli Tire LLC
Date:
Sep 2024
Location:
United States of America
Summary
A cybersecurity incident impacting Pirelli Tire LLC exposed personal information of 332 individuals, including one Maine resident. The breach involved unauthorized access to names combined with other personal identifiers, though specific data elements were not detailed. The company, through outside counsel, provided written notifications to affected individuals and offered one year of three-bureau credit monitoring services via Epiq as identity theft protection. The breach was discovered shortly after it occurred, with consumer notifications following approximately three months later. No prior breaches within the preceding twelve months were reported in the filing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 18, 2024, Pirelli Tire LLC experienced a data breach involving unauthorized access to personal information. The Rome, Georgia-based company discovered the incident on September 24, 2024, six days after the breach occurred. The compromise affected 332 individuals nationwide, including one resident of Maine whose notification triggered regulatory disclosure requirements. Exposed data included names combined with other personal identifiers, though the specific categories of compromised information beyond this combination were not detailed in the breach notice. Pirelli engaged external legal counsel from Dentons US LLP to manage regulatory compliance, with partner Todd Daubert serving as the designated contact for the incident reporting process. The company did not disclose the attack vector or method of intrusion in its Maine Attorney General filing, classifying the event simply as "Other" in the breach description field. No evidence suggested this incident connected to any previous breaches within the preceding twelve-month period.
Pirelli initiated written notifications to affected individuals on December 19, 2024, approximately three months after breach discovery. The company provided Maine residents with a copy of its standard notification letter titled "Pirelli_Tire_LLC_Notification_Letter_0001.pdf" as part of its compliance documentation. All impacted persons received offers for identity theft protection services through Epiq, consisting of three-bureau credit monitoring for one year. The delayed notification timeline between discovery on September 24 and consumer alerts on December 19 indicated an investigation period, though the filing did not specify the duration of forensic analysis or containment activities. No public statements referenced whether law enforcement had been engaged or whether additional security measures beyond credit monitoring had been implemented. The breach's limited scope affected fewer than 1,000 Maine residents, exempting Pirelli from federal consumer reporting agency notification requirements under state law thresholds.