Cyber Incident Victim: DiversiTech Corporation

DiversiTech Corporation, a manufacturing company based in Duluth, Georgia, confirmed a data breach involving unauthorized access to a company email account, which compromised consumer names and Social Security numbers. The breach was officially reported on June 10, 2022, with DiversiTech filing notices to government entities and dispatching data breach notification letters to affected individuals by June 14, 2022. The incident stemmed from unauthorized access to the company’s IT servers, exposing sensitive personal information, though specific technical details about the attack vector or duration of unauthorized access were not disclosed. DiversiTech, which specializes in HVAC component parts and PPE manufacturing, acknowledged the exposure of multiple data types but explicitly identified names and Social Security numbers as confirmed compromised elements. With over 529 employees and $250 million in annual revenue, the company operates subsidiaries including Morris Products, Inc., Pump House, and Alltemp Product Company, Ltd., though the breach’s impact on these entities was not specified. The breach notifications aimed to inform affected consumers of potential risks, including fraud and identity theft, though the exact number of impacted individuals remained undisclosed in available reports.

DiversiTech’s response focused on regulatory compliance and consumer notification, adhering to data breach disclosure requirements by promptly filing with authorities and issuing individualized notices. No details were provided regarding containment measures, forensic investigations, or system remediation efforts following the breach. The incident’s operational impact on DiversiTech’s manufacturing processes or subsidiary operations was not addressed in public filings. Legal analyses accompanying the breach report noted that affected consumers could potentially pursue negligence-based lawsuits if evidence showed DiversiTech failed to implement reasonable security measures, such as using outdated systems or inadequately training employees to prevent phishing incidents. However, the company’s disclosures did not confirm whether negligence contributed to the breach or whether any regulatory penalties were imposed. The compromised Social Security numbers heightened risks of financial fraud for victims, given the permanence and sensitivity of this identifier, though DiversiTech did not disclose whether credit monitoring services were offered to affected individuals.