Cyber Incident Victim: Flambeau, Inc.
Date:
Jul 2022
Location:
United States of America
Summary
Flambeau, Inc. experienced a cyberattack resulting in unauthorized access to sensitive consumer data, including names, dates of birth, addresses, and Social Security numbers, affecting 10,447 individuals. The manufacturing firm secured its systems, initiated an investigation with external cybersecurity experts, confirmed the data compromise, and notified impacted parties. Based in Wisconsin, the company specializes in thermoplastic product manufacturing and employs over 1,600 people.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 27, 2022, Flambeau, Inc. experienced a cybersecurity incident that disrupted access to its computer systems. The manufacturing company immediately secured its systems and initiated an investigation with assistance from an external cybersecurity firm to determine the nature, scope, and potential data exposure of the breach. The investigation concluded on September 16, 2022, confirming that unauthorized parties had accessed personal consumer information stored within Flambeau's systems. The compromised data included first and last names, dates of birth, mailing addresses, and Social Security numbers, with the specific information varying by individual. Flambeau subsequently conducted a review of affected files to identify impacted consumers, ultimately determining that 10,447 individuals had their sensitive information exposed. On October 19, 2022, exactly 84 days after the initial incident, the company formally reported the breach to the Maine Attorney General's Office and began mailing data breach notification letters to all affected parties. These letters detailed the compromised information types and advised recipients on potential identity theft risks stemming from the exposure of Social Security numbers.
Flambeau, a Baraboo-based manufacturer founded in 1947 with approximately 1,668 employees and $372 million annual revenue, did not publicly disclose technical details about the attack vector or whether ransomware was involved. The breach impacted multiple management groups across the organization, including its Automotive, Industrial Markets & Packaging, Retail Markets, Medical Markets, and Tooling divisions. No operational disruptions to manufacturing processes or proprietary product lines such as ArtBin, Duncan, or Flambeau Outdoors were reported in connection with the incident. The company's response focused exclusively on securing systems, investigating data exposure, and fulfilling regulatory notification obligations within three months of the initial compromise detection. The incident represents one of the larger manufacturing sector breaches reported in 2022 based on the confirmed impact to over 10,000 individuals' personally identifiable information.