Thought Leadership

R.R. Donnelley Ransomware Data Breach Investigation

R.R. Donnelley & Sons Company (“R.R. Donnelley”), a Fortune 500 company located in Chicago, Illinois, that provides marketing and business communications, commercial printing, and related services, suffered a ransomware data breach exposing hundreds of thousands of individuals’ highly sensitive personal information.

If you received a data breach notice letter from a business entity that has indicated that R.R. Donnelley, a third-party vendor, had its computer networks hacked, please contact us as soon as possible to understand your legal rights in response to the data breach of your sensitive personal information.

WHAT HAPPENED?

According to information recently disclosed to its clients, R.R. Donnelley confirmed that a ransomware attack had occurred on its computer network on December 23, 2021. It was only in April 2022 that R.R. Donnelley finally announced that highly sensitive personal information of its customer clients had been removed from its computer systems by an unauthorized third party in a ransomware attack on its computer systems. R.R. Donnelley has given no indication as to why it has taken over three months to notify affected individuals of the data breach. In a recent filing with the SEC, R.R. Donnelly stated that it “has become aware that certain of its corporate data was accessed and exfiltrated, the nature of which is being actively examined.” The ransomware group that has taken responsibility has also indicated that it began to leak 2.5 GB of the highly sensitive personal information which was quickly removed from public view after R.R. Donnelley began negotiations to prevent the release of further information.

HOW MANY PEOPLE ARE IMPACTED BY THE DATA BREACH?

In total, it is likely that hundreds of thousands of individuals’ highly sensitive personal information was compromised in the R.R. Donnelley data breach. Recognizing the seriousness of the data breach and the sensitive personal information involved, R.R. Donnelley has recommended that the data breach victims remain vigilant against cybersecurity threats and identity theft and to take proactive steps to protect their individual accounts.

WHAT INFORMATION WAS EXPOSED IN THE DATA BREACH?

R.R. Donnelley has disclosed the following highly sensitive personal information was included in the data breach:

  • Names;
  • Addresses;
  • Account Numbers;
  • Account Value;
  • Birthdates; and
  • Social Security Numbers.

WHAT SHOULD I DO IF I RECEIVED NOTIFICATION OF THE ADAPTIVE HEALTH INTEGRATIONS DATA BREACH?

If you would like to have a free, confidential consultation with an attorney to learn more about your rights and potential legal remedies in response to the R.R. Donnelley Data Breach, please contact Hellmuth & Johnson attorney Nathan Prosser at (952) 746-2124, or email at [email protected].

ABOUT THE AUTHOR

Nathan D. Prosser
Phone: 952-746-2124
VIEW BIOGRAPHY

RELATED PROFESSIONALS

VIEW MORE POSTS BY AUTHOR