Crimson Wine Data Breach Investigation

The Class Action Privacy and Data Breach Lawyers at The Lyon Firm are reviewing an alleged data breach incident at the Crimson Wine Group. The company said back in July that hackers accessed its systems and exfiltrated data and files that “potentially” contained sensitive information. Contact our attorneys to learn more about the incident that has reportedly impacted over 26,000 individuals in California and nationwide. Free consultations and case reviews.

What Happened at Crimson Wine Group?

On July 25, 2024, Crimson Wine Group discovered that it was a victim of a ransomware attack originating from the Abyss ransomware group. The attack resulted in a large data breach, with allegedly 1 TB of sensitive information compromised.

According to Halcyon, the Abyss ransomware group is a multi-extortion operation that first emerged in 2023, primarily targeting VMware ESXi environments. The group is known for hosting a TOR-based website where they list victims along with any exfiltrated data if the victims fail to comply with their ransom demands. Abyss Locker ransomware campaigns have targeted several industries, including finance, manufacturing, information technology, and healthcare.

Crimson Wine, which operates around 870 acres of vineyards across five regions in California, Washington and Oregon, owns popular brands including Pine Ridge Vineyards and Archery Summit.

Following any data theft event, plaintiffs can consider taking legal action if a company has been negligent in protecting the sensitive data of customers and staff. We believe that any entity that collects and stores sensitive data has a duty to protect it with secure IT networks. Compensation may be available for victims of a data breach to help pay for any damages related to the incident. Call us if you have received a data breach notification letter from Crimson. We can assist you in filing the proper claims and help minimize any future risks of fraud and identity theft.