Labels manufacturer Avery says ransomware attack impacted over 60,000 customers

Brea, California-based labelling giant, Avery Products Corporation, said that the ransomware incident it suffered last year compromised the sensitive personal information of more than 60,000 individuals.

 

Avery Products Corporation is a leading manufacturer of adhesive labels, labeling software, binders, dividers and other products that are used for laser and inkjet printers, labeling software, binders, sheet protectors, index and tab dividers and other office-, home- and school-related supplies.

 

In a data breach notice with state Attorney Generals of Maine and Massachusetts, the labels manufacturer said that on December 9, it became aware of a ransomware attack that affected its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Our investigation determined that an unauthorised actor inserted malicious software that was used to “scrape” credit card information used on our website, avery.com, between July 18, 2024, and December 9, 2024,” reads the notice.

 

The threat actor also accessed the sensitive personal information of its customers including, names, billing and shipping addresses, email addresses and phone numbers, payment card information including CVV numbers and expiration dates, and purchase amounts.

 

Avery has confirmed that Social Security numbers, driver’s license numbers or other government-issued ID numbers, dates of birth, or other sensitive personal information were not stored in Avery’s internal network and were not accessed by the threat actor. Also, there is no indication that online account credentials of its customers were compromised during the incident.

 

In a filing with the Maine state regulator, Avery said that it has identified at least 61,193 individuals who were impacted by the attack.

 

“Avery has security measures in place to protect the information in our possession and we continue to assess and update our security measures and train our employees to safeguard the privacy and security of information in our care,” Avery added.

 

While the company found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through CyberScout to all affected individuals.